=====================================================
BUG: KMSAN: use-after-free in ip6_ignore_linkdown include/net/addrconf.h:402 [inline]
BUG: KMSAN: use-after-free in find_match+0x317/0x1480 net/ipv6/route.c:749
CPU: 0 PID: 20778 Comm: syz-executor.1 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 ip6_ignore_linkdown include/net/addrconf.h:402 [inline]
 find_match+0x317/0x1480 net/ipv6/route.c:749
 __find_rr_leaf+0x3f9/0x1160 net/ipv6/route.c:837
 find_rr_leaf net/ipv6/route.c:858 [inline]
 rt6_select net/ipv6/route.c:902 [inline]
 fib6_table_lookup+0x586/0x1420 net/ipv6/route.c:2170
 ip6_pol_route+0x203/0x2960 net/ipv6/route.c:2206
 ip6_pol_route_output+0x11b/0x140 net/ipv6/route.c:2455
 fib6_rule_lookup+0x38f/0xa10 net/ipv6/fib6_rules.c:114
 ip6_route_output_flags_noref+0x57b/0x5d0 net/ipv6/route.c:2487
 ip6_route_output_flags+0xcb/0x390 net/ipv6/route.c:2500
 ip6_route_output include/net/ip6_route.h:98 [inline]
 ip6_dst_lookup_tail+0xfbd/0x2010 net/ipv6/ip6_output.c:1025
 ip6_dst_lookup_flow+0x102/0x250 net/ipv6/ip6_output.c:1153
 ip6_datagram_dst_update+0xa08/0xff0 net/ipv6/datagram.c:88
 __ip6_datagram_connect+0x14a7/0x1a90 net/ipv6/datagram.c:247
 ip6_datagram_connect+0xac/0xf0 net/ipv6/datagram.c:271
 inet_dgram_connect+0x339/0x660 net/ipv4/af_inet.c:571
 __sys_connect_file net/socket.c:1857 [inline]
 __sys_connect+0x6f7/0x770 net/socket.c:1874
 __do_sys_connect net/socket.c:1885 [inline]
 __se_sys_connect+0x8d/0xb0 net/socket.c:1882
 __x64_sys_connect+0x4a/0x70 net/socket.c:1882
 do_syscall_64+0xb8/0x160 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45c449
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fe04d78dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 00007fe04d78e6d4 RCX: 000000000045c449
RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000006
RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000082 R14: 00000000004c2d8a R15: 000000000076c06c

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:127
 kmsan_slab_free+0x6e/0xb0 mm/kmsan/kmsan_hooks.c:107
 slab_free_freelist_hook mm/slub.c:1477 [inline]
 slab_free mm/slub.c:3040 [inline]
 kfree+0x565/0x30a0 mm/slub.c:3993
 snmp6_free_dev net/ipv6/addrconf_core.c:224 [inline]
 in6_dev_finish_destroy_rcu+0x64/0x120 net/ipv6/addrconf_core.c:233
 rcu_do_batch kernel/rcu/tree.c:2186 [inline]
 rcu_core+0xb8a/0x19f0 kernel/rcu/tree.c:2410
 rcu_core_si+0xe/0x10 kernel/rcu/tree.c:2419
 __do_softirq+0x311/0x83d kernel/softirq.c:293
=====================================================