[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd[   20.166248] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.439908] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   22.876885] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   23.553170] random: sshd: uninitialized urandom read (32 bytes read, 68 bits of entropy available)
[   38.782189] random: sshd: uninitialized urandom read (32 bytes read, 77 bits of entropy available)
Warning: Permanently added '10.128.15.208' (ECDSA) to the list of known hosts.
[   44.513080] random: sshd: uninitialized urandom read (32 bytes read, 79 bits of entropy available)
2018/08/08 16:31:06 parsed 1 programs
[   46.105783] random: cc1: uninitialized urandom read (8 bytes read, 81 bits of entropy available)
2018/08/08 16:31:08 executed programs: 0
[   47.338120] IPVS: Creating netns size=2552 id=1
[   47.579421] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   47.596202] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   47.679638] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   47.696524] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   47.776989] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   47.792048] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   47.809118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   47.826580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   48.572605] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   48.610862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   48.906052] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   48.914910] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   48.942168] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   48.949873] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   48.972081] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   48.979934] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.000607] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.008782] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.028593] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.037190] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.057478] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.065293] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.086686] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.094473] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.114906] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.122768] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.143482] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.151643] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.171984] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.179809] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.200694] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.208888] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.230255] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.238120] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.258456] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.266572] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.287068] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.294851] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.316581] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.324323] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.344054] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.352307] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.373496] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.381830] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.401018] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.409272] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.430182] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.438503] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.459818] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.467648] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.488887] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.496815] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.517094] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.525234] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.550813] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.558863] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.578717] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.587078] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.608176] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.616148] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.636143] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.643925] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.664759] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.672888] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.694349] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.702767] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.723967] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.731990] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.752293] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.761040] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.782621] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.790527] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.812364] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.820756] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.841891] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.849678] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.866077] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.873907] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.894742] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.902509] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.925018] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.933757] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.954938] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.962894] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.983577] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.992584] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.013114] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.020870] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.042840] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.050944] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.070865] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.078563] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.099498] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.107603] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.127310] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.135378] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.155179] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.163151] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.183094] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.190806] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.211348] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.219043] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.239045] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.247172] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.268653] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.276534] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.297839] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.305618] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.325752] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.334494] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.355592] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.363508] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.384649] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.392859] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.414028] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.453036] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.490603] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.498788] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.518841] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.526628] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.547945] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.556536] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.577472] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.586118] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.606367] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.614780] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.634990] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.643841] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.664036] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.672655] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.693313] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.701083] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.723079] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.730835] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.751379] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.759127] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.779375] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.787418] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.808560] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.816453] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.840588] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.848315] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.867367] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.875493] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.895766] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.904045] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.925588] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.933617] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.954044] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.961964] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.983478] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   51.041698] ==================================================================
[   51.049133] BUG: KASAN: use-after-free in l2tp_session_queue_purge+0xf4/0x100
[   51.056416] Read of size 4 at addr ffff8800b8da6780 by task syz-executor0/4364
[   51.063755] 
[   51.065369] CPU: 1 PID: 4364 Comm: syz-executor0 Not tainted 4.4.146-g1396226 #15
[   51.073069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.082421]  0000000000000000 bc1a6ef50338adc0 ffff8801ccf1fc78 ffffffff81e1292d
[   51.090437]  ffffea0002e36980 ffff8800b8da6780 0000000000000000 ffff8800b8da6780
[   51.098880]  ffffffff82f1f7c0 ffff8801ccf1fcb0 ffffffff81517f76 ffff8800b8da6780
[   51.106905] Call Trace:
[   51.109493]  [<ffffffff81e1292d>] dump_stack+0xc1/0x124
[   51.114873]  [<ffffffff82f1f7c0>] ? sock_release+0x1c0/0x1c0
[   51.120651]  [<ffffffff81517f76>] print_address_description+0x6c/0x216
[   51.127297]  [<ffffffff82f1f7c0>] ? sock_release+0x1c0/0x1c0
[   51.133078]  [<ffffffff81518295>] kasan_report.cold.7+0x175/0x2f7
[   51.139292]  [<ffffffff835a0ff4>] ? l2tp_session_queue_purge+0xf4/0x100
[   51.146025]  [<ffffffff814fbd64>] __asan_report_load4_noabort+0x14/0x20
[   51.152762]  [<ffffffff835a0ff4>] l2tp_session_queue_purge+0xf4/0x100
[   51.159328]  [<ffffffff82f1f7c0>] ? sock_release+0x1c0/0x1c0
[   51.165110]  [<ffffffff835adb2f>] pppol2tp_release+0x1ff/0x310
[   51.171079]  [<ffffffff82f1f696>] sock_release+0x96/0x1c0
[   51.176598]  [<ffffffff82f1f7d6>] sock_close+0x16/0x20
[   51.181862]  [<ffffffff81525365>] __fput+0x235/0x6f0
[   51.186957]  [<ffffffff815258a5>] ____fput+0x15/0x20
[   51.192041]  [<ffffffff8118e00f>] task_work_run+0x10f/0x190
[   51.198081]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[   51.204485]  [<ffffffff8100708e>] do_fast_syscall_32+0x61e/0x8b0
[   51.210615]  [<ffffffff838ca383>] sysenter_flags_fixed+0xd/0x1a
[   51.216658] 
[   51.218269] Allocated by task 4367:
[   51.221873]  [<ffffffff81034676>] save_stack_trace+0x26/0x50
[   51.227794]  [<ffffffff814fae33>] save_stack+0x43/0xd0
[   51.233265]  [<ffffffff814fb117>] kasan_kmalloc+0xc7/0xe0
[   51.238932]  [<ffffffff814f7834>] __kmalloc+0x124/0x310
[   51.244431]  [<ffffffff835a6439>] l2tp_session_create+0x39/0x1030
[   51.250788]  [<ffffffff835ab140>] pppol2tp_connect+0x10f0/0x1910
[   51.257036]  [<ffffffff82f240b8>] SYSC_connect+0x1b8/0x300
[   51.262763]  [<ffffffff82f269f4>] SyS_connect+0x24/0x30
[   51.268237]  [<ffffffff81006d94>] do_fast_syscall_32+0x324/0x8b0
[   51.274488]  [<ffffffff838ca383>] sysenter_flags_fixed+0xd/0x1a
[   51.280673] 
[   51.282282] Freed by task 4367:
[   51.285545]  [<ffffffff81034676>] save_stack_trace+0x26/0x50
[   51.291447]  [<ffffffff814fae33>] save_stack+0x43/0xd0
[   51.296834]  [<ffffffff814fb762>] kasan_slab_free+0x72/0xc0
[   51.302668]  [<ffffffff814f8c64>] kfree+0xf4/0x310
[   51.307699]  [<ffffffff835a33a0>] l2tp_session_free+0x170/0x200
[   51.313865]  [<ffffffff835a5759>] l2tp_tunnel_closeall+0x2b9/0x350
[   51.320288]  [<ffffffff835a626b>] l2tp_udp_encap_destroy+0x8b/0xf0
[   51.326707]  [<ffffffff83498271>] udpv6_destroy_sock+0xb1/0xd0
[   51.332779]  [<ffffffff82f34f8d>] sk_common_release+0x6d/0x300
[   51.338869]  [<ffffffff83496f25>] udp_lib_close+0x15/0x20
[   51.344511]  [<ffffffff832fe88f>] inet_release+0xff/0x1d0
[   51.350165]  [<ffffffff83421520>] inet6_release+0x50/0x70
[   51.355809]  [<ffffffff82f1f696>] sock_release+0x96/0x1c0
[   51.361456]  [<ffffffff82f1f7d6>] sock_close+0x16/0x20
[   51.366839]  [<ffffffff81525365>] __fput+0x235/0x6f0
[   51.372045]  [<ffffffff815258a5>] ____fput+0x15/0x20
[   51.377256]  [<ffffffff8118e00f>] task_work_run+0x10f/0x190
[   51.383088]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[   51.389623]  [<ffffffff8100708e>] do_fast_syscall_32+0x61e/0x8b0
[   51.395879]  [<ffffffff838ca383>] sysenter_flags_fixed+0xd/0x1a
[   51.402057] 
[   51.403673] The buggy address belongs to the object at ffff8800b8da6780
[   51.403673]  which belongs to the cache kmalloc-512 of size 512
[   51.416317] The buggy address is located 0 bytes inside of
[   51.416317]  512-byte region [ffff8800b8da6780, ffff8800b8da6980)
[   51.427994] The buggy address belongs to the page:
[   52.601297] kasan: CONFIG_KASAN_INLINE enabled
[   52.605762] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[   52.619622] Dumping ftrace buffer:
[   52.623172]    (ftrace buffer empty)
[   52.626888] Modules linked in:
[   52.630258] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.146-g1396226 #15
[   52.637288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.646664] task: ffffffff84417840 task.stack: ffffffff84400000
[   52.652721] RIP: 0010:[<ffffffff83522d67>]  [<ffffffff83522d67>] ip6t_do_table+0x297/0x17e0
[   52.661375] RSP: 0018:ffff8801db207680  EFLAGS: 00010246
[   52.666844] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff8801ccf08000
[   52.674138] RDX: 0000000000000000 RSI: ffffffff81e7245b RDI: ffff8801ccf08038
[   52.681418] RBP: ffff8801db2078a0 R08: ffffffff84418190 R09: 0000000000000000
[   52.688696] R10: 0000000000000001 R11: ffffffff84417840 R12: 0000000000000000
[   52.695971] R13: ffff8801ce809b40 R14: ffff8801d48fa2a8 R15: ffff8801db207a40
[   52.703252] FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   52.711486] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   52.717370] CR2: 00000000f771ac30 CR3: 00000001cdf0f000 CR4: 00000000001606f0
[   52.724651] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   52.731931] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   52.739201] Stack:
[   52.741353]  ffffffff8118e1db ffffffff84407fe8 ffff8801db2076e8 ffffffff8101678b
[   52.749546]  ffffffff84407fe8 ffff8801db207790 ffff8801cd4e1100 ffff8801ce809b60
[   52.757708]  ffff880100010001 ffff8801ce200000 ffff8801db207700 1ffff1003b640edc
[   52.765778] Call Trace:
[   52.768353]  <IRQ> 
[   52.770415]  [<ffffffff8118e1db>] ? __kernel_text_address+0x6b/0xa0
[   52.777139]  [<ffffffff8101678b>] ? print_context_stack+0x4b/0xd0
[   52.783382]  [<ffffffff81231d46>] ? __lock_acquire+0xa86/0x5270
[   52.789538]  [<ffffffff81ebb2b9>] ? depot_save_stack+0x1c9/0x610
[   52.795692]  [<ffffffff83522ad0>] ? compat_do_ip6t_get_ctl+0x910/0x910
[   52.802371]  [<ffffffff8352d00c>] ? ipv6_defrag+0x34c/0x5c0
[   52.808103]  [<ffffffff83473c7b>] ? icmp6_dst_alloc+0x46b/0x620
[   52.814301]  [<ffffffff8348c851>] ? ndisc_send_skb+0xb51/0xf20
[   52.820283]  [<ffffffff834909aa>] ? ndisc_send_rs+0x12a/0x430
[   52.826178]  [<ffffffff83452fc7>] ? addrconf_rs_timer+0x287/0x5b0
[   52.832440]  [<ffffffff8352ccc0>] ? nf_defrag_ipv6_enable+0x10/0x10
[   52.838861]  [<ffffffff838cb6a1>] ? smp_apic_timer_interrupt+0x81/0xa0
[   52.845543]  [<ffffffff838ca5e0>] ? apic_timer_interrupt+0xa0/0xb0
[   52.851874]  [<ffffffff835299e5>] ip6table_raw_hook+0x65/0x80
[   52.858459]  [<ffffffff830c77e2>] nf_iterate+0x182/0x210
[   52.863928]  [<ffffffff830c7a26>] nf_hook_slow+0x1b6/0x340
[   52.869561]  [<ffffffff830c7870>] ? nf_iterate+0x210/0x210
[   52.875199]  [<ffffffff830c7870>] ? nf_iterate+0x210/0x210
[   52.880835]  [<ffffffff814faf85>] ? kasan_unpoison_shadow+0x35/0x50
[   52.887254]  [<ffffffff8348b7b9>] NF_HOOK_THRESH.constprop.29+0x1c9/0x310
[   52.894187]  [<ffffffff8348b5f0>] ? ndisc_error_report+0x1a0/0x1a0
[   52.900540]  [<ffffffff8348b300>] ? ndisc_parse_options.part.28+0x390/0x390
[   52.907648]  [<ffffffff8348c4e7>] ndisc_send_skb+0x7e7/0xf20
[   52.913554]  [<ffffffff8348c337>] ? ndisc_send_skb+0x637/0xf20
[   52.919713]  [<ffffffff8348bd00>] ? pndisc_destructor+0x200/0x200
[   52.926045]  [<ffffffff834535f0>] ? ipv6_get_ifaddr+0x300/0x510
[   52.932212]  [<ffffffff83489efa>] ? ndisc_fill_addr_option+0x19a/0x1f0
[   52.938890]  [<ffffffff834909aa>] ndisc_send_rs+0x12a/0x430
[   52.944618]  [<ffffffff83452fc7>] addrconf_rs_timer+0x287/0x5b0
[   52.950690]  [<ffffffff83452d40>] ? ipv6_get_lladdr+0x440/0x440
[   52.956763]  [<ffffffff81292d4c>] call_timer_fn+0x18c/0x870
[   52.962485]  [<ffffffff81292c9a>] ? call_timer_fn+0xda/0x870
[   52.968304]  [<ffffffff81e74444>] ? debug_object_deactivate+0x214/0x340
[   52.975073]  [<ffffffff83452d40>] ? ipv6_get_lladdr+0x440/0x440
[   52.980977] PANIC: double fault, error_code: 0x0
[   52.980989] CPU: 1 PID: 4364 Comm: syz-executor0 Not tainted 4.4.146-g1396226 #15
[   52.980993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.980998] task: ffff8800b1bb6000 task.stack: ffff8801ccf18000
[   52.981015] RIP: 0010:[<ffffffff8148f44d>]  [<ffffffff8148f44d>] dump_page_badflags+0xd/0x70
[   52.981020] RSP: 0018:ffff880100000000  EFLAGS: 00010046
[   52.981024] RAX: ffff8800b1bb6000 RBX: ffffea0002e36980 RCX: 0000000000000000
[   52.981029] RDX: 0000000000000000 RSI: ffffffff83aaad60 RDI: ffffea0002e36980
[   52.981032] RBP: ffff880100000018 R08: 0000000000000001 R09: 0000000000000000
[   52.981037] R10: 0000000000000001 R11: ffffffff858f0274 R12: 0000000000000000
[   52.981041] R13: ffffffff83aaad60 R14: ffff8800b8da6780 R15: ffff8800b8da6980
[   52.981047] FS:  0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:0000000009f2d900
[   52.981052] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   52.981056] CR2: ffff8800fffffff8 CR3: 00000001cd2ba000 CR4: 00000000001606f0
[   52.981063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   52.981067] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   52.981069] Stack:
[   52.981071] 
[   52.981072] Call Trace:
[   52.981076]  <UNK> 
[   52.981186] Code: f0 48 ff 80 28 5b 9f 84 5b 5d c3 48 89 df e8 3b c9 06 00 eb dd 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 49 89 f5 <41> 54 49 89 d4 53 48 89 fb 48 83 ec 08 e8 51 43 ec ff 48 89 da 
[   52.981190] Kernel panic - not syncing: Machine halted.
[   53.128558]  [<ffffffff81292bc0>] ? process_timeout+0x20/0x20
[   53.134442]  [<ffffffff838c7f67>] ? _raw_spin_unlock_irq+0x27/0x50
[   53.140761]  [<ffffffff81230a26>] ? trace_hardirqs_on_caller+0x266/0x590
[   53.147601]  [<ffffffff81293a72>] run_timer_softirq+0x642/0xb90
[   53.153655]  [<ffffffff83452d40>] ? ipv6_get_lladdr+0x440/0x440
[   53.159709]  [<ffffffff81293430>] ? call_timer_fn+0x870/0x870
[   53.165590]  [<ffffffff838cbf3c>] __do_softirq+0x22c/0xa1a
[   53.171235]  [<ffffffff81141a8d>] irq_exit+0x10d/0x140
[   53.176505]  [<ffffffff838cb6a1>] smp_apic_timer_interrupt+0x81/0xa0
[   53.182996]  [<ffffffff838ca5e0>] apic_timer_interrupt+0xa0/0xb0
[   53.189129]  <EOI> 
[   53.191188]  [<ffffffff810ce336>] ? native_safe_halt+0x6/0x10
[   53.197366]  [<ffffffff81230d5d>] ? trace_hardirqs_on+0xd/0x10
[   53.203338]  [<ffffffff81025cd5>] default_idle+0x55/0x3c0
[   53.208869]  [<ffffffff81027be0>] arch_cpu_idle+0x10/0x20
[   53.214505]  [<ffffffff8121de97>] default_idle_call+0x57/0x70
[   53.220411]  [<ffffffff8121e63f>] cpu_startup_entry+0x6af/0x780
[   53.226556]  [<ffffffff8121df90>] ? call_cpuidle+0xe0/0xe0
[   53.232181]  [<ffffffff838b5b71>] rest_init+0x188/0x18e
[   53.237717]  [<ffffffff84a4d8a1>] start_kernel+0x6b3/0x6e7
[   53.243343]  [<ffffffff84a4d1ee>] ? thread_stack_cache_init+0xb/0xb
[   53.249751]  [<ffffffff84a4c120>] ? early_idt_handler_array+0x120/0x120
[   53.256502]  [<ffffffff84a4c120>] ? early_idt_handler_array+0x120/0x120
[   53.263262]  [<ffffffff84a4c30f>] x86_64_start_reservations+0x29/0x2b
[   53.269841]  [<ffffffff84a4c450>] x86_64_start_kernel+0x13f/0x162
[   53.276063] Code: 3c 11 00 0f 85 f2 12 00 00 48 8b 8d d0 fe ff ff 89 c0 48 8b 51 38 48 8d 1c c2 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 c9 14 00 00 48 8b 03 48 c7 c7 a0 0b a2 84 48 
[   53.303453] RIP  [<ffffffff83522d67>] ip6t_do_table+0x297/0x17e0
[   53.309718]  RSP <ffff8801db207680>
[   53.313694] Dumping ftrace buffer:
[   53.317243]    (ftrace buffer empty)
[   53.320934] Kernel Offset: disabled
[   53.324545] Rebooting in 86400 seconds..