input: syz1 as /devices/virtual/input/input19
input: syz1 as /devices/virtual/input/input20
==================================================================
BUG: KASAN: use-after-free in ifname_compare_aligned include/linux/netfilter/x_tables.h:362 [inline]
BUG: KASAN: use-after-free in ip6_packet_match net/ipv6/netfilter/ip6_tables.c:124 [inline]
BUG: KASAN: use-after-free in ip6t_do_table+0x1545/0x1860 net/ipv6/netfilter/ip6_tables.c:382
Read of size 8 at addr ffff8801cfedc000 by task syz-executor.5/5968

CPU: 1 PID: 5968 Comm: syz-executor.5 Not tainted 4.4.174+ #4
 0000000000000000 84531ff764b8986a ffff8801d9737108 ffffffff81aad1a1
 0000000000000000 ffffea00073fb700 ffff8801cfedc000 0000000000000008
 dffffc0000000000 ffff8801d9737140 ffffffff81490120 0000000000000000
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff81490120>] print_address_description+0x6f/0x21b mm/kasan/report.c:252
 [<ffffffff81490358>] kasan_report_error mm/kasan/report.c:351 [inline]
 [<ffffffff81490358>] kasan_report mm/kasan/report.c:408 [inline]
 [<ffffffff81490358>] kasan_report.cold+0x8c/0x2be mm/kasan/report.c:393
 [<ffffffff81484ed4>] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:429
 [<ffffffff82685b15>] ifname_compare_aligned include/linux/netfilter/x_tables.h:362 [inline]
 [<ffffffff82685b15>] ip6_packet_match net/ipv6/netfilter/ip6_tables.c:124 [inline]
 [<ffffffff82685b15>] ip6t_do_table+0x1545/0x1860 net/ipv6/netfilter/ip6_tables.c:382
 [<ffffffff8268def5>] ip6table_filter_hook+0x65/0x80 net/ipv6/netfilter/ip6table_filter.c:38
 [<ffffffff822f84a6>] nf_iterate+0x186/0x220 net/netfilter/core.c:274
 [<ffffffff822f86f6>] nf_hook_slow+0x1b6/0x340 net/netfilter/core.c:306
 [<ffffffff826bf429>] nf_hook_thresh include/linux/netfilter.h:187 [inline]
 [<ffffffff826bf429>] nf_hook include/linux/netfilter.h:197 [inline]
 [<ffffffff826bf429>] __ip6_local_out+0x309/0x4b0 net/ipv6/output_core.c:157
 [<ffffffff826bf5f9>] ip6_local_out+0x29/0x180 net/ipv6/output_core.c:167
 [<ffffffff825b28c2>] ip6_send_skb+0xa2/0x340 net/ipv6/ip6_output.c:1725
 [<ffffffff82611618>] udp_v6_send_skb+0x438/0xe90 net/ipv6/udp.c:1066
 [<ffffffff826122b5>] udp_v6_push_pending_frames+0x245/0x360 net/ipv6/udp.c:1098
 [<ffffffff82613ee7>] udpv6_sendmsg+0x1a37/0x24f0 net/ipv6/udp.c:1358
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821d9e69>] ___sys_sendmsg+0x369/0x890 net/socket.c:1975
 [<ffffffff821dd2e0>] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060
 [<ffffffff821dd4c5>] SYSC_sendmmsg net/socket.c:2090 [inline]
 [<ffffffff821dd4c5>] SyS_sendmmsg+0x35/0x60 net/socket.c:2085
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a

The buggy address belongs to the page:
page:ffffea00073fb700 count:0 mapcount:0 mapping:          (null) index:0x0
flags: 0x4000000000000000()
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801cfedbf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8801cfedbf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8801cfedc000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff8801cfedc080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8801cfedc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================