[ 113.636983][ T27] audit: type=1800 audit(1582114195.023:36): pid=10645 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [ 114.456521][ T27] audit: type=1400 audit(1582114195.963:37): avc: denied { watch } for pid=10736 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1 [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts. syzkaller login: [ 122.518947][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 122.518963][ T27] audit: type=1400 audit(1582114204.033:42): avc: denied { map } for pid=10835 comm="syz-executor629" path="/root/syz-executor629678995" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 122.544693][T10836] IPVS: ftp: loaded support on port[0] = 21 [ 122.603696][T10836] chnl_net:caif_netlink_parms(): no params data found [ 122.644453][T10836] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.652315][T10836] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.660721][T10836] device bridge_slave_0 entered promiscuous mode [ 122.669893][T10836] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.677208][T10836] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.684845][T10836] device bridge_slave_1 entered promiscuous mode [ 122.702195][T10836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 122.713887][T10836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 122.734300][T10836] team0: Port device team_slave_0 added [ 122.743875][T10836] team0: Port device team_slave_1 added [ 122.759800][T10836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.767734][T10836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.794019][T10836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.808232][T10836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.815358][T10836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.841598][T10836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.896966][T10836] device hsr_slave_0 entered promiscuous mode [ 122.955268][T10836] device hsr_slave_1 entered promiscuous mode [ 123.102606][ T27] audit: type=1400 audit(1582114204.613:43): avc: denied { create } for pid=10836 comm="syz-executor629" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 123.106095][T10836] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 123.136253][ T27] audit: type=1400 audit(1582114204.613:44): avc: denied { write } for pid=10836 comm="syz-executor629" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 123.162467][ T27] audit: type=1400 audit(1582114204.613:45): avc: denied { read } for pid=10836 comm="syz-executor629" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 123.198483][T10836] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 123.258214][T10836] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 123.317382][T10836] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 123.373698][T10836] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.381078][T10836] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.388908][T10836] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.396160][T10836] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.453019][T10836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.470374][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 123.481879][ T2827] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.490400][ T2827] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.498718][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 123.512876][T10836] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.526589][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 123.536299][ T3082] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.543566][ T3082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.565357][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 123.573983][ T2827] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.581222][ T2827] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.591877][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 123.601438][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 123.611013][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 123.622962][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 123.632559][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 123.650801][T10836] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 123.663279][T10836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 123.680243][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 123.690473][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 123.699230][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 123.708297][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 123.716939][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 123.738822][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 123.747282][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 123.761305][T10836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 123.785511][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 123.794712][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 123.816893][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 123.827192][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 123.837962][T10836] device veth0_vlan entered promiscuous mode [ 123.845860][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 123.853860][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 123.869070][T10836] device veth1_vlan entered promiscuous mode [ 123.895726][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 123.904035][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 123.912583][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 123.921517][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 123.933756][T10836] device veth0_macvtap entered promiscuous mode [ 123.945379][T10836] device veth1_macvtap entered promiscuous mode [ 123.966777][T10836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 123.977937][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 123.986432][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 123.994751][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 124.004525][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 124.018284][T10836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.026367][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 124.036259][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 124.255205][ C1] ================================================================== [ 124.264059][ C1] BUG: KASAN: use-after-free in find_match+0xb39/0xc90 [ 124.270951][ C1] Read of size 8 at addr ffff88808ed70320 by task kworker/1:75/3086 [ 124.278962][ C1] [ 124.281352][ C1] CPU: 1 PID: 3086 Comm: kworker/1:75 Not tainted 5.6.0-rc2-syzkaller #0 [ 124.289755][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 124.300034][ C1] Workqueue: ipv6_addrconf addrconf_dad_work [ 124.306003][ C1] Call Trace: [ 124.309271][ C1] [ 124.312123][ C1] dump_stack+0x197/0x210 [ 124.316453][ C1] ? find_match+0xb39/0xc90 [ 124.320984][ C1] print_address_description.constprop.0.cold+0xd4/0x30b [ 124.328120][ C1] ? find_match+0xb39/0xc90 [ 124.332766][ C1] ? find_match+0xb39/0xc90 [ 124.337272][ C1] __kasan_report.cold+0x1b/0x32 [ 124.342572][ C1] ? find_match+0xb39/0xc90 [ 124.347100][ C1] kasan_report+0x12/0x20 [ 124.351428][ C1] __asan_report_load8_noabort+0x14/0x20 [ 124.357049][ C1] find_match+0xb39/0xc90 [ 124.361378][ C1] ? rcu_read_lock_held+0x9c/0xb0 [ 124.366449][ C1] ? rcu_read_lock_held_common+0x130/0x130 [ 124.372269][ C1] __find_rr_leaf+0x14e/0x750 [ 124.377026][ C1] ? nexthop_is_blackhole+0x690/0x690 [ 124.382397][ C1] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 124.388555][ C1] ? rcu_read_lock_held+0x9c/0xb0 [ 124.393577][ C1] ? rcu_read_lock_held_common+0x130/0x130 [ 124.399874][ C1] fib6_table_lookup+0x697/0xdb0 [ 124.404935][ C1] ? rt6_age_exceptions+0x130/0x130 [ 124.410268][ C1] ? __kasan_check_read+0x11/0x20 [ 124.415305][ C1] ip6_pol_route+0x1f6/0xa70 [ 124.419916][ C1] ? ip6_pol_route_lookup+0x12e0/0x12e0 [ 124.426023][ C1] ? flow_hash_from_keys+0x2c4/0x8c0 [ 124.431890][ C1] ip6_pol_route_input+0x65/0x80 [ 124.436832][ C1] fib6_rule_lookup+0x133/0x7d0 [ 124.441678][ C1] ? ip6_pol_route+0xa70/0xa70 [ 124.446674][ C1] ? fib6_lookup+0x340/0x340 [ 124.451279][ C1] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 124.457514][ C1] ? nf_conntrack_icmpv6_error+0x3c1/0x560 [ 124.463334][ C1] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 124.469255][ C1] ip6_route_input_lookup+0xb7/0xd0 [ 124.474457][ C1] ip6_route_input+0x5f0/0xa40 [ 124.479310][ C1] ? ip6_route_check_nh+0x670/0x670 [ 124.484594][ C1] ? cpuup_canceled+0xf8/0x1d0 [ 124.489375][ C1] ? rcu_read_lock_held+0x9c/0xb0 [ 124.494396][ C1] ? rcu_read_lock_held_common+0x130/0x130 [ 124.500200][ C1] ip6_rcv_finish_core.isra.0+0x174/0x590 [ 124.506285][ C1] ip6_rcv_finish+0x17a/0x310 [ 124.511463][ C1] ipv6_rcv+0x10e/0x420 [ 124.515622][ C1] ? ip6_rcv_core.isra.0+0x1c30/0x1c30 [ 124.521090][ C1] ? ip6_rcv_finish_core.isra.0+0x590/0x590 [ 124.526978][ C1] ? ip6_rcv_core.isra.0+0x1c30/0x1c30 [ 124.532533][ C1] __netif_receive_skb_one_core+0x113/0x1a0 [ 124.538418][ C1] ? __netif_receive_skb_core+0x30b0/0x30b0 [ 124.544515][ C1] ? lock_acquire+0x190/0x410 [ 124.549279][ C1] ? process_backlog+0x1b5/0x780 [ 124.554203][ C1] __netif_receive_skb+0x2c/0x1d0 [ 124.559216][ C1] process_backlog+0x226/0x780 [ 124.564116][ C1] ? net_rx_action+0x27b/0x1120 [ 124.568967][ C1] ? lockdep_hardirqs_on+0x19e/0x5e0 [ 124.574245][ C1] net_rx_action+0x508/0x1120 [ 124.579042][ C1] ? napi_busy_loop+0x970/0x970 [ 124.583886][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 124.589418][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 124.595422][ C1] ? ip6_finish_output2+0x10d3/0x25c0 [ 124.600874][ C1] ? trace_hardirqs_on+0x67/0x240 [ 124.605899][ C1] __do_softirq+0x262/0x98c [ 124.610410][ C1] ? ip6_finish_output2+0x10d3/0x25c0 [ 124.615828][ C1] do_softirq_own_stack+0x2a/0x40 [ 124.620860][ C1] [ 124.623802][ C1] do_softirq.part.0+0x11a/0x170 [ 124.628741][ C1] __local_bh_enable_ip+0x211/0x270 [ 124.633950][ C1] ip6_finish_output2+0x1101/0x25c0 [ 124.639141][ C1] ? ip6_frag_next+0xb20/0xb20 [ 124.643901][ C1] ? lock_downgrade+0x920/0x920 [ 124.648878][ C1] ? __kasan_check_read+0x11/0x20 [ 124.653908][ C1] __ip6_finish_output+0x444/0xaa0 [ 124.659010][ C1] ? __ip6_finish_output+0x444/0xaa0 [ 124.664304][ C1] ip6_finish_output+0x38/0x1f0 [ 124.669169][ C1] ip6_output+0x25e/0x880 [ 124.673505][ C1] ? ip6_finish_output+0x1f0/0x1f0 [ 124.678618][ C1] ? __ip6_finish_output+0xaa0/0xaa0 [ 124.683907][ C1] ndisc_send_skb+0xf1f/0x1490 [ 124.688720][ C1] ? nf_hook.constprop.0+0x560/0x560 [ 124.694019][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 124.700280][ C1] ? skb_set_owner_w+0x265/0x410 [ 124.705245][ C1] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 124.711079][ C1] ndisc_send_ns+0x3a9/0x850 [ 124.715679][ C1] ? mark_held_locks+0xa4/0xf0 [ 124.720444][ C1] ? ndisc_netdev_event+0x5e0/0x5e0 [ 124.725805][ C1] ? lockdep_hardirqs_on+0x421/0x5e0 [ 124.731329][ C1] ? addrconf_dad_work+0xb2c/0x11d0 [ 124.736523][ C1] ? trace_hardirqs_on+0x67/0x240 [ 124.741559][ C1] ? addrconf_dad_work+0xb2c/0x11d0 [ 124.746760][ C1] addrconf_dad_work+0xbf3/0x11d0 [ 124.751794][ C1] ? addrconf_dad_completed+0xbb0/0xbb0 [ 124.757454][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 124.763430][ C1] ? trace_hardirqs_on+0x67/0x240 [ 124.768465][ C1] process_one_work+0xa05/0x17a0 [ 124.773403][ C1] ? mark_held_locks+0xf0/0xf0 [ 124.778171][ C1] ? pwq_dec_nr_in_flight+0x320/0x320 [ 124.783541][ C1] ? lock_acquire+0x190/0x410 [ 124.788231][ C1] worker_thread+0x98/0xe40 [ 124.792732][ C1] ? trace_hardirqs_on+0x67/0x240 [ 124.797785][ C1] kthread+0x361/0x430 [ 124.801842][ C1] ? process_one_work+0x17a0/0x17a0 [ 124.807029][ C1] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 124.812760][ C1] ret_from_fork+0x24/0x30 [ 124.817241][ C1] [ 124.819563][ C1] Allocated by task 10836: [ 124.823977][ C1] save_stack+0x23/0x90 [ 124.828313][ C1] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 124.833936][ C1] kasan_kmalloc+0x9/0x10 [ 124.838262][ C1] __kmalloc_node+0x4e/0x70 [ 124.842829][ C1] kvmalloc_node+0x68/0x100 [ 124.847340][ C1] alloc_netdev_mqs+0x98/0xe40 [ 124.852090][ C1] vti6_init_net+0x244/0x810 [ 124.856682][ C1] ops_init+0xb3/0x420 [ 124.860857][ C1] setup_net+0x2d5/0x8b0 [ 124.865095][ C1] copy_net_ns+0x29e/0x5a0 [ 124.869535][ C1] create_new_namespaces+0x403/0xb50 [ 124.874808][ C1] unshare_nsproxy_namespaces+0xc2/0x200 [ 124.880429][ C1] ksys_unshare+0x444/0x980 [ 124.885884][ C1] __x64_sys_unshare+0x31/0x40 [ 124.890643][ C1] do_syscall_64+0xfa/0x790 [ 124.895155][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 124.901035][ C1] [ 124.903357][ C1] Freed by task 10836: [ 124.907444][ C1] save_stack+0x23/0x90 [ 124.911594][ C1] __kasan_slab_free+0x102/0x150 [ 124.916611][ C1] kasan_slab_free+0xe/0x10 [ 124.921104][ C1] kfree+0x10a/0x2c0 [ 124.925002][ C1] __netdev_name_node_alt_destroy+0x1ff/0x2a0 [ 124.931200][ C1] netdev_name_node_alt_destroy+0x57/0x80 [ 124.937083][ C1] rtnl_linkprop.isra.0+0x575/0x6f0 [ 124.942275][ C1] rtnl_dellinkprop+0x46/0x60 [ 124.946950][ C1] rtnetlink_rcv_msg+0x45e/0xaf0 [ 124.951948][ C1] netlink_rcv_skb+0x177/0x450 [ 124.956824][ C1] rtnetlink_rcv+0x1d/0x30 [ 124.961232][ C1] netlink_unicast+0x59e/0x7e0 [ 124.966293][ C1] netlink_sendmsg+0x91c/0xea0 [ 124.971106][ C1] sock_sendmsg+0xd7/0x130 [ 124.975515][ C1] ____sys_sendmsg+0x753/0x880 [ 124.980331][ C1] ___sys_sendmsg+0x100/0x170 [ 124.985270][ C1] __sys_sendmsg+0x105/0x1d0 [ 124.989859][ C1] __x64_sys_sendmsg+0x78/0xb0 [ 124.994670][ C1] do_syscall_64+0xfa/0x790 [ 124.999166][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 125.005047][ C1] [ 125.007366][ C1] The buggy address belongs to the object at ffff88808ed70000 [ 125.007366][ C1] which belongs to the cache kmalloc-4k of size 4096 [ 125.021409][ C1] The buggy address is located 800 bytes inside of [ 125.021409][ C1] 4096-byte region [ffff88808ed70000, ffff88808ed71000) [ 125.034953][ C1] The buggy address belongs to the page: [ 125.040628][ C1] page:ffffea00023b5c00 refcount:1 mapcount:0 mapping:ffff8880aa402000 index:0x0 compound_mapcount: 0 [ 125.052078][ C1] flags: 0xfffe0000010200(slab|head) [ 125.057471][ C1] raw: 00fffe0000010200 ffffea000237fe88 ffffea0002192808 ffff8880aa402000 [ 125.066046][ C1] raw: 0000000000000000 ffff88808ed70000 0000000100000001 0000000000000000 [ 125.074725][ C1] page dumped because: kasan: bad access detected [ 125.081116][ C1] [ 125.083422][ C1] Memory state around the buggy address: [ 125.089044][ C1] ffff88808ed70200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 125.097096][ C1] ffff88808ed70280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 125.105165][ C1] >ffff88808ed70300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 125.113254][ C1] ^ [ 125.120736][ C1] ffff88808ed70380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 125.128806][ C1] ffff88808ed70400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 125.136985][ C1] ================================================================== [ 125.145085][ C1] Disabling lock debugging due to kernel taint [ 125.151306][ C1] Kernel panic - not syncing: panic_on_warn set ... [ 125.158263][ C1] CPU: 1 PID: 3086 Comm: kworker/1:75 Tainted: G B 5.6.0-rc2-syzkaller #0 [ 125.168179][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 125.178281][ C1] Workqueue: ipv6_addrconf addrconf_dad_work [ 125.184252][ C1] Call Trace: [ 125.187521][ C1] [ 125.190364][ C1] dump_stack+0x197/0x210 [ 125.194696][ C1] panic+0x2e3/0x75c [ 125.198580][ C1] ? add_taint.cold+0x16/0x16 [ 125.203255][ C1] ? trace_hardirqs_on+0x5e/0x240 [ 125.208291][ C1] ? trace_hardirqs_on+0x5e/0x240 [ 125.213340][ C1] ? find_match+0xb39/0xc90 [ 125.217837][ C1] end_report+0x47/0x4f [ 125.221980][ C1] ? find_match+0xb39/0xc90 [ 125.226475][ C1] __kasan_report.cold+0xe/0x32 [ 125.231840][ C1] ? find_match+0xb39/0xc90 [ 125.236363][ C1] kasan_report+0x12/0x20 [ 125.240677][ C1] __asan_report_load8_noabort+0x14/0x20 [ 125.246342][ C1] find_match+0xb39/0xc90 [ 125.250666][ C1] ? rcu_read_lock_held+0x9c/0xb0 [ 125.255767][ C1] ? rcu_read_lock_held_common+0x130/0x130 [ 125.261673][ C1] __find_rr_leaf+0x14e/0x750 [ 125.266339][ C1] ? nexthop_is_blackhole+0x690/0x690 [ 125.271789][ C1] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 125.278077][ C1] ? rcu_read_lock_held+0x9c/0xb0 [ 125.283203][ C1] ? rcu_read_lock_held_common+0x130/0x130 [ 125.289177][ C1] fib6_table_lookup+0x697/0xdb0 [ 125.294103][ C1] ? rt6_age_exceptions+0x130/0x130 [ 125.299305][ C1] ? __kasan_check_read+0x11/0x20 [ 125.304460][ C1] ip6_pol_route+0x1f6/0xa70 [ 125.309080][ C1] ? ip6_pol_route_lookup+0x12e0/0x12e0 [ 125.314810][ C1] ? flow_hash_from_keys+0x2c4/0x8c0 [ 125.320084][ C1] ip6_pol_route_input+0x65/0x80 [ 125.325011][ C1] fib6_rule_lookup+0x133/0x7d0 [ 125.329904][ C1] ? ip6_pol_route+0xa70/0xa70 [ 125.334714][ C1] ? fib6_lookup+0x340/0x340 [ 125.339393][ C1] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 125.345641][ C1] ? nf_conntrack_icmpv6_error+0x3c1/0x560 [ 125.351848][ C1] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 125.357737][ C1] ip6_route_input_lookup+0xb7/0xd0 [ 125.362929][ C1] ip6_route_input+0x5f0/0xa40 [ 125.367678][ C1] ? ip6_route_check_nh+0x670/0x670 [ 125.372970][ C1] ? cpuup_canceled+0xf8/0x1d0 [ 125.377732][ C1] ? rcu_read_lock_held+0x9c/0xb0 [ 125.382757][ C1] ? rcu_read_lock_held_common+0x130/0x130 [ 125.388564][ C1] ip6_rcv_finish_core.isra.0+0x174/0x590 [ 125.394275][ C1] ip6_rcv_finish+0x17a/0x310 [ 125.399012][ C1] ipv6_rcv+0x10e/0x420 [ 125.403160][ C1] ? ip6_rcv_core.isra.0+0x1c30/0x1c30 [ 125.408617][ C1] ? ip6_rcv_finish_core.isra.0+0x590/0x590 [ 125.414634][ C1] ? ip6_rcv_core.isra.0+0x1c30/0x1c30 [ 125.420092][ C1] __netif_receive_skb_one_core+0x113/0x1a0 [ 125.425981][ C1] ? __netif_receive_skb_core+0x30b0/0x30b0 [ 125.432099][ C1] ? lock_acquire+0x190/0x410 [ 125.436761][ C1] ? process_backlog+0x1b5/0x780 [ 125.441731][ C1] __netif_receive_skb+0x2c/0x1d0 [ 125.447718][ C1] process_backlog+0x226/0x780 [ 125.452494][ C1] ? net_rx_action+0x27b/0x1120 [ 125.457351][ C1] ? lockdep_hardirqs_on+0x19e/0x5e0 [ 125.462806][ C1] net_rx_action+0x508/0x1120 [ 125.467703][ C1] ? napi_busy_loop+0x970/0x970 [ 125.472551][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 125.478126][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 125.484103][ C1] ? ip6_finish_output2+0x10d3/0x25c0 [ 125.489706][ C1] ? trace_hardirqs_on+0x67/0x240 [ 125.494995][ C1] __do_softirq+0x262/0x98c [ 125.499620][ C1] ? ip6_finish_output2+0x10d3/0x25c0 [ 125.505424][ C1] do_softirq_own_stack+0x2a/0x40 [ 125.510650][ C1] [ 125.513590][ C1] do_softirq.part.0+0x11a/0x170 [ 125.518526][ C1] __local_bh_enable_ip+0x211/0x270 [ 125.523728][ C1] ip6_finish_output2+0x1101/0x25c0 [ 125.529044][ C1] ? ip6_frag_next+0xb20/0xb20 [ 125.533817][ C1] ? lock_downgrade+0x920/0x920 [ 125.538717][ C1] ? __kasan_check_read+0x11/0x20 [ 125.543752][ C1] __ip6_finish_output+0x444/0xaa0 [ 125.549040][ C1] ? __ip6_finish_output+0x444/0xaa0 [ 125.554330][ C1] ip6_finish_output+0x38/0x1f0 [ 125.559344][ C1] ip6_output+0x25e/0x880 [ 125.563685][ C1] ? ip6_finish_output+0x1f0/0x1f0 [ 125.568812][ C1] ? __ip6_finish_output+0xaa0/0xaa0 [ 125.575435][ C1] ndisc_send_skb+0xf1f/0x1490 [ 125.580190][ C1] ? nf_hook.constprop.0+0x560/0x560 [ 125.585478][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 125.591734][ C1] ? skb_set_owner_w+0x265/0x410 [ 125.601459][ C1] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 125.607441][ C1] ndisc_send_ns+0x3a9/0x850 [ 125.612045][ C1] ? mark_held_locks+0xa4/0xf0 [ 125.617028][ C1] ? ndisc_netdev_event+0x5e0/0x5e0 [ 125.622295][ C1] ? lockdep_hardirqs_on+0x421/0x5e0 [ 125.627700][ C1] ? addrconf_dad_work+0xb2c/0x11d0 [ 125.632955][ C1] ? trace_hardirqs_on+0x67/0x240 [ 125.638076][ C1] ? addrconf_dad_work+0xb2c/0x11d0 [ 125.643449][ C1] addrconf_dad_work+0xbf3/0x11d0 [ 125.648678][ C1] ? addrconf_dad_completed+0xbb0/0xbb0 [ 125.654219][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 125.660427][ C1] ? trace_hardirqs_on+0x67/0x240 [ 125.665466][ C1] process_one_work+0xa05/0x17a0 [ 125.670416][ C1] ? mark_held_locks+0xf0/0xf0 [ 125.675178][ C1] ? pwq_dec_nr_in_flight+0x320/0x320 [ 125.680815][ C1] ? lock_acquire+0x190/0x410 [ 125.685623][ C1] worker_thread+0x98/0xe40 [ 125.690128][ C1] ? trace_hardirqs_on+0x67/0x240 [ 125.695157][ C1] kthread+0x361/0x430 [ 125.699249][ C1] ? process_one_work+0x17a0/0x17a0 [ 125.704441][ C1] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 125.710160][ C1] ret_from_fork+0x24/0x30 [ 125.716283][ C1] Kernel Offset: disabled [ 125.720636][ C1] Rebooting in 86400 seconds..