[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   19.503572] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.764711] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   24.132435] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   24.998427] random: sshd: uninitialized urandom read (32 bytes read, 74 bits of entropy available)
Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts.
[   30.560749] random: sshd: uninitialized urandom read (32 bytes read, 81 bits of entropy available)
2018/08/26 17:59:48 fuzzer started
[   32.013961] random: cc1: uninitialized urandom read (8 bytes read, 83 bits of entropy available)
2018/08/26 17:59:50 dialing manager at 10.128.0.26:34351
2018/08/26 17:59:52 syscalls: 1
2018/08/26 17:59:52 code coverage: enabled
2018/08/26 17:59:52 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/08/26 17:59:52 setuid sandbox: enabled
2018/08/26 17:59:52 namespace sandbox: enabled
2018/08/26 17:59:52 fault injection: CONFIG_FAULT_INJECTION is not enabled
2018/08/26 17:59:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/08/26 17:59:52 net packed injection: enabled
2018/08/26 17:59:52 net device setup: enabled
[   36.143257] random: nonblocking pool is initialized
18:00:41 executing program 0:

18:00:41 executing program 1:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
sendmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f0000000dc0)=@in={0x2, 0x4e24, @remote}, 0x80, &(0x7f0000001140), 0x0, &(0x7f0000007e80)=[{0x10, 0x1}], 0x10}}], 0x1, 0x4)

18:00:41 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f00000001c0)="0a5cc80700315f85715070")
r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0)
ftruncate(r1, 0x208200)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe)

18:00:41 executing program 2:
unshare(0x8000000)
r0 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x1, 0x5})
mq_timedsend(r0, &(0x7f0000000040), 0x0, 0x0, &(0x7f00000000c0)={0x77359400})
mq_timedsend(r0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000140)={0x77359400})
mq_timedreceive(r0, &(0x7f0000000100)=""/24, 0x18, 0x0, 0x0)

18:00:41 executing program 3:
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

18:00:41 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000040)={@dev}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000200)={@remote={0xfe, 0x80, [], 0xffffffffffffffff}, 0x7}, 0x20)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/anycast6\x00')
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x856, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
readv(r2, &(0x7f0000000100)=[{&(0x7f0000000080)=""/94, 0x43}], 0x1)

18:00:41 executing program 5:
r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0)
read(r0, &(0x7f0000fb6000)=""/28, 0x3f0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f0000000240)={0x0, 0x0, 'client0\x00', 0x0, "4156456adbeae00c", "22ea2f2c8ebd71143e81ff729b39403460264b9429ffd750366ef38c127d0885"})
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r1, 0x1000000000014)

18:00:41 executing program 6:
syz_emit_ethernet(0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa86dd60c8bb8500200000fe8008000000000000bbfe8000000000000000000000000000bb1301000000000000c204000000000100000000ffffffff7800df9b5100e5749f83e4006146a350173562b3a216c8d5cfe5bd368506a831272aa3084e3c70e4018e25957b35c472dd96ee0063814f99c4412ea4b08bea3193e59e9b01f535966fa4a8a014897b983f153f23bc606d2055d06a11ea4a56fa97a514559b50be9d14"], &(0x7f0000000000))

[   84.066590] IPVS: Creating netns size=2552 id=1
[   84.146591] IPVS: Creating netns size=2552 id=2
[   84.208009] IPVS: Creating netns size=2552 id=3
[   84.298413] IPVS: Creating netns size=2552 id=4
[   84.400467] IPVS: Creating netns size=2552 id=5
[   84.567073] IPVS: Creating netns size=2552 id=6
[   84.721356] IPVS: Creating netns size=2552 id=7
[   84.966974] IPVS: Creating netns size=2552 id=8
[   85.045666] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   85.150588] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   85.340633] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   85.446936] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   85.580822] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   85.593844] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   85.601352] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   85.664892] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   85.687671] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   85.699879] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   85.819060] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   85.941096] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   86.156628] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   86.171279] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   86.207643] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   86.234949] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   86.242952] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   86.340579] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   86.349585] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   86.409984] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   86.422183] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   86.432282] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   86.469193] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   86.566720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   86.577869] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   86.666945] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   86.675156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   86.687142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   86.700158] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   86.718538] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   86.738555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   86.759682] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   86.776245] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   86.799586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   86.828148] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   86.871176] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   86.880159] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   86.898598] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   86.917064] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   87.009865] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   87.051683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   87.166415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   87.298684] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   87.311790] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   87.346829] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   87.379729] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   87.393094] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   87.420397] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   87.502796] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   87.587431] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   87.613616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   87.667806] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   87.714687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   87.750621] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   87.774282] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   87.791417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   87.828826] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   87.857175] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   87.990188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   88.097724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   88.250109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   88.377295] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   88.509258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   88.583207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   90.949521] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   91.019537] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   91.238073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   91.295526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   91.308127] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   91.498174] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   91.613463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   91.801649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   92.024741] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   92.178521] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   92.284079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   92.335507] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   92.440441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   92.686448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   92.830015] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
18:00:50 executing program 0:

18:00:50 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080), 0x4)
bind$inet(r0, &(0x7f00001edff0)={0x2, 0x10000004e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
recvmmsg(r0, &(0x7f00000038c0)=[{{&(0x7f0000001a80)=@nfc_llcp, 0x80, &(0x7f00000020c0), 0x0, &(0x7f0000002180)=""/164, 0xa4}}, {{&(0x7f0000002240)=@can, 0x80, &(0x7f0000002580), 0x0, &(0x7f0000002740)=""/246, 0xf6}}], 0x2, 0x40000002, 0x0)
sendto$inet(r0, &(0x7f0000c95ffd), 0x0, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1}, 0x10)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000001700)={<r2=>0x0, <r3=>0x0})
recvmmsg(r0, &(0x7f0000001680)=[{{&(0x7f0000000380)=@ethernet={0x0, @remote}, 0x80, &(0x7f00000015c0), 0x0, &(0x7f0000001640)=""/1, 0x1}}], 0x1, 0x100, &(0x7f0000001740)={r2, r3+30000000})
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, &(0x7f0000000000))
tkill(r1, 0x1004000000016)

[   93.141352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
18:00:50 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070")
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x200000000082002, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000040)=0x692)
write$binfmt_aout(r1, &(0x7f0000000000), 0xff8f)

18:00:51 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000000000)={&(0x7f0000de2ff4), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000000108ffff090000000000000000000000"], 0x14}}, 0x0)

18:00:51 executing program 0:
r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x2, 0x28001)
write$evdev(r0, &(0x7f0000037fe8)=[{}], 0x10)

18:00:51 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
getsockname(0xffffffffffffffff, &(0x7f00000003c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f0000000300)=0xffffffffffffffd6)
recvfrom$unix(0xffffffffffffffff, &(0x7f00000001c0)=""/155, 0x9b, 0x0, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c)
sendmmsg(r1, &(0x7f0000005fc0), 0x80000000000006a, 0x0)
socket$packet(0x11, 0x0, 0x300)
ioctl$PERF_EVENT_IOC_ID(0xffffffffffffffff, 0x80082407, &(0x7f0000000080))

[   93.548947] ==================================================================
[   93.556385] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x177c/0x1a00
[   93.562888] Read of size 8 at addr ffff8801d1e53f18 by task syz-executor1/5731
[   93.570231] 
[   93.571859] CPU: 0 PID: 5731 Comm: syz-executor1 Not tainted 4.4.152-ge5c5f1f #89
[   93.579472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   93.588810]  0000000000000000 e8e4edaf9fa4ba28 ffff8800b99c75c8 ffffffff81e15fed
[   93.596877]  ffffea00074794c0 ffff8801d1e53f18 0000000000000000 ffff8801d1e53f18
[   93.604933]  0000000000001000 ffff8800b99c7600 ffffffff8151b489 ffff8801d1e53f18
[   93.613044] Call Trace:
[   93.615622]  [<ffffffff81e15fed>] dump_stack+0xc1/0x124
[   93.620995]  [<ffffffff8151b489>] print_address_description+0x6c/0x216
[   93.627652]  [<ffffffff8151b7a8>] kasan_report.cold.7+0x175/0x2f7
[   93.633875]  [<ffffffff83435efc>] ? ip6_xmit+0x177c/0x1a00
[   93.639496]  [<ffffffff814fe734>] __asan_report_load8_noabort+0x14/0x20
[   93.646238]  [<ffffffff83435efc>] ip6_xmit+0x177c/0x1a00
[   93.651692]  [<ffffffff814fe102>] ? kasan_slab_free+0x72/0xc0
[   93.657571]  [<ffffffff814fb664>] ? kfree+0xf4/0x310
[   93.662666]  [<ffffffff82f4a3e3>] ? pskb_expand_head+0x683/0x970
[   93.668811]  [<ffffffff83434780>] ? ip6_finish_output2+0x1ca0/0x1ca0
[   93.675294]  [<ffffffff8122c752>] ? __lock_is_held+0xa2/0xf0
[   93.681083]  [<ffffffff831f2281>] ? ipv4_dst_check+0x111/0x160
[   93.687049]  [<ffffffff82f2e464>] ? __sk_dst_check+0x114/0x270
[   93.693061]  [<ffffffff834f60c5>] inet6_csk_xmit+0x245/0x490
[   93.698849]  [<ffffffff834f5f7f>] ? inet6_csk_xmit+0xff/0x490
[   93.704742]  [<ffffffff834f5e80>] ? inet6_csk_update_pmtu+0x160/0x160
[   93.711334]  [<ffffffff835647b3>] ? udp6_set_csum+0xd3/0xa70
[   93.717124]  [<ffffffff835a570c>] l2tp_xmit_skb+0xb9c/0xe80
[   93.722826]  [<ffffffff835b1c60>] pppol2tp_sendmsg+0x4e0/0x7d0
[   93.728795]  [<ffffffff81c7633f>] ? selinux_socket_sendmsg+0x3f/0x50
[   93.735278]  [<ffffffff835b1780>] ? pppol2tp_release+0x310/0x310
[   93.741417]  [<ffffffff82f2727c>] sock_sendmsg+0xcc/0x110
[   93.746954]  [<ffffffff82f28a41>] ___sys_sendmsg+0x441/0x880
[   93.752759]  [<ffffffff82f28600>] ? copy_msghdr_from_user+0x550/0x550
[   93.759343]  [<ffffffff8157e568>] ? __fget+0x148/0x3b0
[   93.764613]  [<ffffffff8157e58f>] ? __fget+0x16f/0x3b0
[   93.769881]  [<ffffffff8157e467>] ? __fget+0x47/0x3b0
[   93.775063]  [<ffffffff8157e8af>] ? __fget_light+0x9f/0x1f0
[   93.780787]  [<ffffffff8157ea18>] ? __fdget+0x18/0x20
[   93.785997]  [<ffffffff82f2b02e>] __sys_sendmmsg+0x12e/0x2e0
[   93.791799]  [<ffffffff82f2af00>] ? SyS_sendmsg+0x50/0x50
[   93.797332]  [<ffffffff834e840a>] ? ip6_datagram_connect+0x3a/0x50
[   93.803660]  [<ffffffff8330305e>] ? inet_dgram_connect+0x11e/0x200
[   93.810012]  [<ffffffff81528510>] ? fput+0x20/0x150
[   93.815033]  [<ffffffff82f27c6a>] ? SYSC_connect+0x22a/0x300
[   93.820821]  [<ffffffff82f27a40>] ? SYSC_bind+0x280/0x280
[   93.826351]  [<ffffffff812d51b8>] ? SyS_futex+0x1f8/0x300
[   93.831883]  [<ffffffff812d4fc0>] ? do_futex+0x17f0/0x17f0
[   93.837500]  [<ffffffff82f29c61>] ? SyS_socket+0x121/0x1b0
[   93.843122]  [<ffffffff82f29b40>] ? move_addr_to_kernel+0x50/0x50
[   93.849346]  [<ffffffff82f2b215>] SyS_sendmmsg+0x35/0x60
[   93.854806]  [<ffffffff838cc565>] entry_SYSCALL_64_fastpath+0x22/0x9e
[   93.861368] 
[   93.863003] Allocated by task 5731:
[   93.866615]  [<ffffffff81034676>] save_stack_trace+0x26/0x50
[   93.872564]  [<ffffffff814fd7d3>] save_stack+0x43/0xd0
[   93.877986]  [<ffffffff814fdab7>] kasan_kmalloc+0xc7/0xe0
[   93.884108]  [<ffffffff814fe082>] kasan_slab_alloc+0x12/0x20
[   93.890026]  [<ffffffff814f9b9e>] kmem_cache_alloc+0xbe/0x2a0
[   93.896028]  [<ffffffff82fa5835>] dst_alloc+0xb5/0x1a0
[   93.901423]  [<ffffffff831f29c8>] rt_dst_alloc+0x78/0x430
[   93.907096]  [<ffffffff831fbe8c>] __ip_route_output_key_hash+0x9ac/0x2380
[   93.914144]  [<ffffffff831fe339>] ip_route_output_flow+0x29/0xa0
[   93.920408]  [<ffffffff832c7f43>] __ip4_datagram_connect+0x663/0xfe0
[   93.927024]  [<ffffffff834e7cf0>] __ip6_datagram_connect+0x1280/0x1960
[   93.933816]  [<ffffffff834e83ff>] ip6_datagram_connect+0x2f/0x50
[   93.940082]  [<ffffffff83303057>] inet_dgram_connect+0x117/0x200
[   93.946349]  [<ffffffff82f27bf8>] SYSC_connect+0x1b8/0x300
[   93.952122]  [<ffffffff82f2a544>] SyS_connect+0x24/0x30
[   93.957610]  [<ffffffff838cc565>] entry_SYSCALL_64_fastpath+0x22/0x9e
[   93.964322] 
[   93.965936] Freed by task 0:
[   93.968937] (stack is not available)
[   93.972633] 
[   93.974262] The buggy address belongs to the object at ffff8801d1e53dc0
[   93.974262]  which belongs to the cache ip_dst_cache of size 208
[   93.986999] The buggy address is located 136 bytes to the right of
[   93.986999]  208-byte region [ffff8801d1e53dc0, ffff8801d1e53e90)
[   93.999525] The buggy address belongs to the page:
[   94.006795] kasan: CONFIG_KASAN_INLINE enabled
[   94.011220] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[   94.024177] Dumping ftrace buffer:
[   94.027733]    (ftrace buffer empty)
[   94.031440] Modules linked in:
[   94.034763] CPU: 1 PID: 122131648 Comm: ip Not tainted 4.4.152-ge5c5f1f #89
[   94.041848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   94.051208] task: ffff8800b3bab000 task.stack:           (null)
[   94.057276] RIP: 0010:[<ffffffff82fad786>]  [<ffffffff82fad786>] neigh_flush_dev+0x166/0x6d0
[   94.066008] RSP: 0018:ffff8801bdaf6fc0  EFLAGS: 00010a06
[   94.071456] RAX: 1000000000000065 RBX: 8000000000000080 RCX: ffff8800b6ac7240
[   94.078717] RDX: 0000000000000000 RSI: ffffffff82fad778 RDI: 8000000000000328
[   94.085985] RBP: ffff8801bdaf7050 R08: ffffffff85358450 R09: 0000000000000000
[   94.093251] R10: 0000000000000001 R11: ffff8800b3bab000 R12: ffffffff849928a0
[   94.100520] R13: ffff8801bcec4400 R14: ffffea00074794c0 R15: dffffc0000000000
[   94.107787] FS:  00007fa68997b700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   94.116003] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   94.121901] CR2: 0000000000000130 CR3: 00000001d3bf9000 CR4: 00000000001606f0
[   94.129165] Stack:
[   94.131319]  0000000000000000 ffffffff82fadd14 ffffed0016d58e48 ffff8800b6ac7248
[   94.139421]  ffffffff849928a0 ffff8800b6ac7240 0000004c811caf0d ffffffff84992b48
[   94.147481]  0000000000000246 ffffffff84992b30 ffffffff84992b30 ffffffff849928a0
[   94.155541] Call Trace:
[   94.158113]  <UNK> 
[   94.160193] Code: 85 db 0f 84 76 03 00 00 e8 d8 6d 3a fe 48 83 7d d0 00 0f 84 92 00 00 00 e8 c8 6d 3a fe 48 8d bb a8 02 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 0f 85 b6 04 00 00 48 8b 45 d0 48 39 83 a8 02 00 
[   94.188569] RIP  [<ffffffff82fad786>] neigh_flush_dev+0x166/0x6d0
[   94.194936]  RSP <ffff8801bdaf6fc0>
[   94.198575] kasan: CONFIG_KASAN_INLINE enabled
[   94.202986] kasan: GPF could be caused by NULL-ptr deref or user memory access[   94.210460] ------------[ cut here ]------------
[   94.215215] WARNING: CPU: 1 PID: 122131648 at kernel/sched/core.c:7946 __might_sleep+0x138/0x1a0()
[   94.224308] do not call blocking ops when !TASK_RUNNING; state=ffffea00074794c0 set at [<ffffffff81490267>] dump_page_badflags+0x57/0x70
[   94.236692] Kernel panic - not syncing: panic_on_warn set ...
[   94.236692] 
[   95.417598] Shutting down cpus with NMI
[   95.422280] Dumping ftrace buffer:
[   95.425803]    (ftrace buffer empty)
[   95.429484] Kernel Offset: disabled
[   95.433083] Rebooting in 86400 seconds..