[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   20.166248] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.439908] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   22.876885] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   23.553170] random: sshd: uninitialized urandom read (32 bytes read, 68 bits of entropy available)
[   38.782189] random: sshd: uninitialized urandom read (32 bytes read, 77 bits of entropy available)
Warning: Permanently added '10.128.15.208' (ECDSA) to the list of known hosts.
[   44.513080] random: sshd: uninitialized urandom read (32 bytes read, 79 bits of entropy available)
2018/08/08 16:31:06 parsed 1 programs
[   46.105783] random: cc1: uninitialized urandom read (8 bytes read, 81 bits of entropy available)
2018/08/08 16:31:08 executed programs: 0
[   47.338120] IPVS: Creating netns size=2552 id=1
[   47.579421] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   47.596202] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   47.679638] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   47.696524] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   47.776989] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   47.792048] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   47.809118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   47.826580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   48.572605] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   48.610862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   48.906052] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   48.914910] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   48.942168] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   48.949873] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   48.972081] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   48.979934] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.000607] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.008782] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.028593] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.037190] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.057478] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.065293] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.086686] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.094473] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.114906] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.122768] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.143482] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.151643] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.171984] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.179809] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.200694] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.208888] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.230255] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.238120] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.258456] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.266572] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.287068] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.294851] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.316581] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.324323] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.344054] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.352307] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.373496] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.381830] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.401018] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.409272] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.430182] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.438503] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.459818] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.467648] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.488887] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.496815] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.517094] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.525234] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.550813] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.558863] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.578717] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.587078] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.608176] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.616148] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.636143] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.643925] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.664759] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.672888] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.694349] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.702767] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.723967] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.731990] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.752293] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.761040] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.782621] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.790527] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.812364] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.820756] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.841891] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.849678] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.866077] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.873907] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.894742] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.902509] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.925018] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.933757] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   49.954938] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.962894] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.983577] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   49.992584] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.013114] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.020870] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.042840] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.050944] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.070865] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.078563] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.099498] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.107603] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.127310] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.135378] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.155179] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.163151] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.183094] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.190806] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.211348] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.219043] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.239045] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.247172] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.268653] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.276534] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.297839] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.305618] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.325752] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.334494] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.355592] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.363508] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.384649] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.392859] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.414028] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.453036] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.490603] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.498788] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.518841] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.526628] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.547945] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.556536] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.577472] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.586118] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.606367] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.614780] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.634990] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.643841] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.664036] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.672655] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.693313] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.701083] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.723079] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.730835] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.751379] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.759127] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.779375] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.787418] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.808560] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.816453] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.840588] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.848315] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.867367] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.875493] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.895766] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.904045] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.925588] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.933617] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.954044] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   50.961964] l2tp_core: tunl 3: sockfd_lookup(fd=14) returned -9
[   50.983478] l2tp_core: tunl 3: sockfd_lookup(fd=8) returned -9
[   51.041698] ==================================================================
[   51.049133] BUG: KASAN: use-after-free in l2tp_session_queue_purge+0xf4/0x100
[   51.056416] Read of size 4 at addr ffff8800b8da6780 by task syz-executor0/4364
[   51.063755] 
[   51.065369] CPU: 1 PID: 4364 Comm: syz-executor0 Not tainted 4.4.146-g1396226 #15
[   51.073069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.082421]  0000000000000000 bc1a6ef50338adc0 ffff8801ccf1fc78 ffffffff81e1292d
[   51.090437]  ffffea0002e36980 ffff8800b8da6780 0000000000000000 ffff8800b8da6780
[   51.098880]  ffffffff82f1f7c0 ffff8801ccf1fcb0 ffffffff81517f76 ffff8800b8da6780
[   51.106905] Call Trace:
[   51.109493]  [<ffffffff81e1292d>] dump_stack+0xc1/0x124
[   51.114873]  [<ffffffff82f1f7c0>] ? sock_release+0x1c0/0x1c0
[   51.120651]  [<ffffffff81517f76>] print_address_description+0x6c/0x216
[   51.127297]  [<ffffffff82f1f7c0>] ? sock_release+0x1c0/0x1c0
[   51.133078]  [<ffffffff81518295>] kasan_report.cold.7+0x175/0x2f7
[   51.139292]  [<ffffffff835a0ff4>] ? l2tp_session_queue_purge+0xf4/0x100
[   51.146025]  [<ffffffff814fbd64>] __asan_report_load4_noabort+0x14/0x20
[   51.152762]  [<ffffffff835a0ff4>] l2tp_session_queue_purge+0xf4/0x100
[   51.159328]  [<ffffffff82f1f7c0>] ? sock_release+0x1c0/0x1c0
[   51.165110]  [<ffffffff835adb2f>] pppol2tp_release+0x1ff/0x310
[   51.171079]  [<ffffffff82f1f696>] sock_release+0x96/0x1c0
[   51.176598]  [<ffffffff82f1f7d6>] sock_close+0x16/0x20
[   51.181862]  [<ffffffff81525365>] __fput+0x235/0x6f0
[   51.186957]  [<ffffffff815258a5>] ____fput+0x15/0x20
[   51.192041]  [<ffffffff8118e00f>] task_work_run+0x10f/0x190
[   51.198081]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[   51.204485]  [<ffffffff8100708e>] do_fast_syscall_32+0x61e/0x8b0
[   51.210615]  [<ffffffff838ca383>] sysenter_flags_fixed+0xd/0x1a
[   51.216658] 
[   51.218269] Allocated by task 4367:
[   51.221873]  [<ffffffff81034676>] save_stack_trace+0x26/0x50
[   51.227794]  [<ffffffff814fae33>] save_stack+0x43/0xd0
[   51.233265]  [<ffffffff814fb117>] kasan_kmalloc+0xc7/0xe0
[   51.238932]  [<ffffffff814f7834>] __kmalloc+0x124/0x310
[   51.244431]  [<ffffffff835a6439>] l2tp_session_create+0x39/0x1030
[   51.250788]  [<ffffffff835ab140>] pppol2tp_connect+0x10f0/0x1910
[   51.257036]  [<ffffffff82f240b8>] SYSC_connect+0x1b8/0x300
[   51.262763]  [<ffffffff82f269f4>] SyS_connect+0x24/0x30
[   51.268237]  [<ffffffff81006d94>] do_fast_syscall_32+0x324/0x8b0
[   51.274488]  [<ffffffff838ca383>] sysenter_flags_fixed+0xd/0x1a
[   51.280673] 
[   51.282282] Freed by task 4367:
[   51.285545]  [<ffffffff81034676>] save_stack_trace+0x26/0x50
[   51.291447]  [<ffffffff814fae33>] save_stack+0x43/0xd0
[   51.296834]  [<ffffffff814fb762>] kasan_slab_free+0x72/0xc0
[   51.302668]  [<ffffffff814f8c64>] kfree+0xf4/0x310
[   51.307699]  [<ffffffff835a33a0>] l2tp_session_free+0x170/0x200
[   51.313865]  [<ffffffff835a5759>] l2tp_tunnel_closeall+0x2b9/0x350
[   51.320288]  [<ffffffff835a626b>] l2tp_udp_encap_destroy+0x8b/0xf0
[   51.326707]  [<ffffffff83498271>] udpv6_destroy_sock+0xb1/0xd0
[   51.332779]  [<ffffffff82f34f8d>] sk_common_release+0x6d/0x300
[   51.338869]  [<ffffffff83496f25>] udp_lib_close+0x15/0x20
[   51.344511]  [<ffffffff832fe88f>] inet_release+0xff/0x1d0
[   51.350165]  [<ffffffff83421520>] inet6_release+0x50/0x70
[   51.355809]  [<ffffffff82f1f696>] sock_release+0x96/0x1c0
[   51.361456]  [<ffffffff82f1f7d6>] sock_close+0x16/0x20
[   51.366839]  [<ffffffff81525365>] __fput+0x235/0x6f0
[   51.372045]  [<ffffffff815258a5>] ____fput+0x15/0x20
[   51.377256]  [<ffffffff8118e00f>] task_work_run+0x10f/0x190
[   51.383088]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[   51.389623]  [<ffffffff8100708e>] do_fast_syscall_32+0x61e/0x8b0
[   51.395879]  [<ffffffff838ca383>] sysenter_flags_fixed+0xd/0x1a
[   51.402057] 
[   51.403673] The buggy address belongs to the object at ffff8800b8da6780
[   51.403673]  which belongs to the cache kmalloc-512 of size 512
[   51.416317] The buggy address is located 0 bytes inside of
[   51.416317]  512-byte region [ffff8800b8da6780, ffff8800b8da6980)
[   51.427994] The buggy address belongs to the page:
[   52.601297] kasan: CONFIG_KASAN_INLINE enabled
[   52.605762] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[   52.619622] Dumping ftrace buffer:
[   52.623172]    (ftrace buffer empty)
[   52.626888] Modules linked in:
[   52.630258] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.146-g1396226 #15
[   52.637288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.646664] task: ffffffff84417840 task.stack: ffffffff84400000
[   52.652721] RIP: 0010:[<ffffffff83522d67>]  [<ffffffff83522d67>] ip6t_do_table+0x297/0x17e0
[   52.661375] RSP: 0018:ffff8801db207680  EFLAGS: 00010246
[   52.666844] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff8801ccf08000
[   52.674138] RDX: 0000000000000000 RSI: ffffffff81e7245b RDI: ffff8801ccf08038
[   52.681418] RBP: ffff8801db2078a0 R08: ffffffff84418190 R09: 0000000000000000
[   52.688696] R10: 0000000000000001 R11: ffffffff84417840 R12: 0000000000000000
[   52.695971] R13: ffff8801ce809b40 R14: ffff8801d48fa2a8 R15: ffff8801db207a40
[   52.703252] FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   52.711486] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   52.717370] CR2: 00000000f771ac30 CR3: 00000001cdf0f000 CR4: 00000000001606f0
[   52.724651] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   52.731931] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   52.739201] Stack:
[   52.741353]  ffffffff8118e1db ffffffff84407fe8 ffff8801db2076e8 ffffffff8101678b
[   52.749546]  ffffffff84407fe8 ffff8801db207790 ffff8801cd4e1100 ffff8801ce809b60
[   52.757708]  ffff880100010001 ffff8801ce200000 ffff8801db207700 1ffff1003b640edc
[   52.765778] Call Trace:
[   52.768353]  <IRQ> 
[   52.770415]  [<ffffffff8118e1db>] ? __kernel_text_address+0x6b/0xa0
[   52.777139]  [<ffffffff8101678b>] ? print_context_stack+0x4b/0xd0
[   52.783382]  [<ffffffff81231d46>] ? __lock_acquire+0xa86/0x5270
[   52.789538]  [<ffffffff81ebb2b9>] ? depot_save_stack+0x1c9/0x610
[   52.795692]  [<ffffffff83522ad0>] ? compat_do_ip6t_get_ctl+0x910/0x910
[   52.802371]  [<ffffffff8352d00c>] ? ipv6_defrag+0x34c/0x5c0
[   52.808103]  [<ffffffff83473c7b>] ? icmp6_dst_alloc+0x46b/0x620
[   52.814301]  [<ffffffff8348c851>] ? ndisc_send_skb+0xb51/0xf20
[   52.820283]  [<ffffffff834909aa>] ? ndisc_send_rs+0x12a/0x430
[   52.826178]  [<ffffffff83452fc7>] ? addrconf_rs_timer+0x287/0x5b0
[   52.832440]  [<ffffffff8352ccc0>] ? nf_defrag_ipv6_enable+0x10/0x10
[   52.838861]  [<ffffffff838cb6a1>] ? smp_apic_timer_interrupt+0x81/0xa0
[   52.845543]  [<ffffffff838ca5e0>] ? apic_timer_interrupt+0xa0/0xb0
[   52.851874]  [<ffffffff835299e5>] ip6table_raw_hook+0x65/0x80
[   52.858459]  [<ffffffff830c77e2>] nf_iterate+0x182/0x210
[   52.863928]  [<ffffffff830c7a26>] nf_hook_slow+0x1b6/0x340
[   52.869561]  [<ffffffff830c7870>] ? nf_iterate+0x210/0x210
[   52.875199]  [<ffffffff830c7870>] ? nf_iterate+0x210/0x210
[   52.880835]  [<ffffffff814faf85>] ? kasan_unpoison_shadow+0x35/0x50
[   52.887254]  [<ffffffff8348b7b9>] NF_HOOK_THRESH.constprop.29+0x1c9/0x310
[   52.894187]  [<ffffffff8348b5f0>] ? ndisc_error_report+0x1a0/0x1a0
[   52.900540]  [<ffffffff8348b300>] ? ndisc_parse_options.part.28+0x390/0x390
[   52.907648]  [<ffffffff8348c4e7>] ndisc_send_skb+0x7e7/0xf20
[   52.913554]  [<ffffffff8348c337>] ? ndisc_send_skb+0x637/0xf20
[   52.919713]  [<ffffffff8348bd00>] ? pndisc_destructor+0x200/0x200
[   52.926045]  [<ffffffff834535f0>] ? ipv6_get_ifaddr+0x300/0x510
[   52.932212]  [<ffffffff83489efa>] ? ndisc_fill_addr_option+0x19a/0x1f0
[   52.938890]  [<ffffffff834909aa>] ndisc_send_rs+0x12a/0x430
[   52.944618]  [<ffffffff83452fc7>] addrconf_rs_timer+0x287/0x5b0
[   52.950690]  [<ffffffff83452d40>] ? ipv6_get_lladdr+0x440/0x440
[   52.956763]  [<ffffffff81292d4c>] call_timer_fn+0x18c/0x870
[   52.962485]  [<ffffffff81292c9a>] ? call_timer_fn+0xda/0x870
[   52.968304]  [<ffffffff81e74444>] ? debug_object_deactivate+0x214/0x340
[   52.975073]  [<ffffffff83452d40>] ? ipv6_get_lladdr+0x440/0x440
[   52.980977] PANIC: double fault, error_code: 0x0
[   52.980989] CPU: 1 PID: 4364 Comm: syz-executor0 Not tainted 4.4.146-g1396226 #15
[   52.980993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.980998] task: ffff8800b1bb6000 task.stack: ffff8801ccf18000
[   52.981015] RIP: 0010:[<ffffffff8148f44d>]  [<ffffffff8148f44d>] dump_page_badflags+0xd/0x70
[   52.981020] RSP: 0018:ffff880100000000  EFLAGS: 00010046
[   52.981024] RAX: ffff8800b1bb6000 RBX: ffffea0002e36980 RCX: 0000000000000000
[   52.981029] RDX: 0000000000000000 RSI: ffffffff83aaad60 RDI: ffffea0002e36980
[   52.981032] RBP: ffff880100000018 R08: 0000000000000001 R09: 0000000000000000
[   52.981037] R10: 0000000000000001 R11: ffffffff858f0274 R12: 0000000000000000
[   52.981041] R13: ffffffff83aaad60 R14: ffff8800b8da6780 R15: ffff8800b8da6980
[   52.981047] FS:  0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:0000000009f2d900
[   52.981052] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   52.981056] CR2: ffff8800fffffff8 CR3: 00000001cd2ba000 CR4: 00000000001606f0
[   52.981063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   52.981067] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   52.981069] Stack:
[   52.981071] 
[   52.981072] Call Trace:
[   52.981076]  <UNK> 
[   52.981186] Code: f0 48 ff 80 28 5b 9f 84 5b 5d c3 48 89 df e8 3b c9 06 00 eb dd 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 49 89 f5 <41> 54 49 89 d4 53 48 89 fb 48 83 ec 08 e8 51 43 ec ff 48 89 da 
[   52.981190] Kernel panic - not syncing: Machine halted.
[   53.128558]  [<ffffffff81292bc0>] ? process_timeout+0x20/0x20
[   53.134442]  [<ffffffff838c7f67>] ? _raw_spin_unlock_irq+0x27/0x50
[   53.140761]  [<ffffffff81230a26>] ? trace_hardirqs_on_caller+0x266/0x590
[   53.147601]  [<ffffffff81293a72>] run_timer_softirq+0x642/0xb90
[   53.153655]  [<ffffffff83452d40>] ? ipv6_get_lladdr+0x440/0x440
[   53.159709]  [<ffffffff81293430>] ? call_timer_fn+0x870/0x870
[   53.165590]  [<ffffffff838cbf3c>] __do_softirq+0x22c/0xa1a
[   53.171235]  [<ffffffff81141a8d>] irq_exit+0x10d/0x140
[   53.176505]  [<ffffffff838cb6a1>] smp_apic_timer_interrupt+0x81/0xa0
[   53.182996]  [<ffffffff838ca5e0>] apic_timer_interrupt+0xa0/0xb0
[   53.189129]  <EOI> 
[   53.191188]  [<ffffffff810ce336>] ? native_safe_halt+0x6/0x10
[   53.197366]  [<ffffffff81230d5d>] ? trace_hardirqs_on+0xd/0x10
[   53.203338]  [<ffffffff81025cd5>] default_idle+0x55/0x3c0
[   53.208869]  [<ffffffff81027be0>] arch_cpu_idle+0x10/0x20
[   53.214505]  [<ffffffff8121de97>] default_idle_call+0x57/0x70
[   53.220411]  [<ffffffff8121e63f>] cpu_startup_entry+0x6af/0x780
[   53.226556]  [<ffffffff8121df90>] ? call_cpuidle+0xe0/0xe0
[   53.232181]  [<ffffffff838b5b71>] rest_init+0x188/0x18e
[   53.237717]  [<ffffffff84a4d8a1>] start_kernel+0x6b3/0x6e7
[   53.243343]  [<ffffffff84a4d1ee>] ? thread_stack_cache_init+0xb/0xb
[   53.249751]  [<ffffffff84a4c120>] ? early_idt_handler_array+0x120/0x120
[   53.256502]  [<ffffffff84a4c120>] ? early_idt_handler_array+0x120/0x120
[   53.263262]  [<ffffffff84a4c30f>] x86_64_start_reservations+0x29/0x2b
[   53.269841]  [<ffffffff84a4c450>] x86_64_start_kernel+0x13f/0x162
[   53.276063] Code: 3c 11 00 0f 85 f2 12 00 00 48 8b 8d d0 fe ff ff 89 c0 48 8b 51 38 48 8d 1c c2 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 c9 14 00 00 48 8b 03 48 c7 c7 a0 0b a2 84 48 
[   53.303453] RIP  [<ffffffff83522d67>] ip6t_do_table+0x297/0x17e0
[   53.309718]  RSP <ffff8801db207680>
[   53.313694] Dumping ftrace buffer:
[   53.317243]    (ftrace buffer empty)
[   53.320934] Kernel Offset: disabled
[   53.324545] Rebooting in 86400 seconds..