[....] Starting OpenBSD Secure Shell server: sshd[   19.833553] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.459006] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   22.754170] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   23.843931] random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available)
[   24.019314] random: sshd: uninitialized urandom read (32 bytes read, 127 bits of entropy available)
[   24.121321] random: nonblocking pool is initialized
Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts.
executing program
[   29.705919] ==================================================================
[   29.713284] BUG: KASAN: use-after-free in l2tp_session_queue_purge+0xf4/0x100
[   29.720527] Read of size 4 at addr ffff8801cf1adb80 by task syz-executor116/3657
[   29.728028] 
[   29.729630] CPU: 0 PID: 3657 Comm: syz-executor116 Not tainted 4.4.134-gcb3afe1 #53
[   29.737391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.746723]  0000000000000000 20c3dbf96476a9c3 ffff8801cef5fcc0 ffffffff81e0f02d
[   29.754697]  ffffea00073c6b00 ffff8801cf1adb80 0000000000000000 ffff8801cf1adb80
[   29.762664]  ffffffff82f1a500 ffff8801cef5fcf8 ffffffff81515946 ffff8801cf1adb80
[   29.770627] Call Trace:
[   29.773187]  [<ffffffff81e0f02d>] dump_stack+0xc1/0x124
[   29.778527]  [<ffffffff82f1a500>] ? sock_release+0x1c0/0x1c0
[   29.784294]  [<ffffffff81515946>] print_address_description+0x6c/0x216
[   29.790931]  [<ffffffff82f1a500>] ? sock_release+0x1c0/0x1c0
[   29.796698]  [<ffffffff81515c65>] kasan_report.cold.7+0x175/0x2f7
[   29.802901]  [<ffffffff8359b0b4>] ? l2tp_session_queue_purge+0xf4/0x100
[   29.809624]  [<ffffffff814f9734>] __asan_report_load4_noabort+0x14/0x20
[   29.816346]  [<ffffffff8359b0b4>] l2tp_session_queue_purge+0xf4/0x100
[   29.822980]  [<ffffffff82f1a500>] ? sock_release+0x1c0/0x1c0
[   29.828756]  [<ffffffff835a7bef>] pppol2tp_release+0x1ff/0x310
[   29.834702]  [<ffffffff82f1a3d6>] sock_release+0x96/0x1c0
[   29.840210]  [<ffffffff82f1a516>] sock_close+0x16/0x20
[   29.845462]  [<ffffffff81522d35>] __fput+0x235/0x6f0
[   29.850535]  [<ffffffff81523275>] ____fput+0x15/0x20
[   29.855608]  [<ffffffff8118bd7f>] task_work_run+0x10f/0x190
[   29.861288]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[   29.867844]  [<ffffffff81006535>] syscall_return_slowpath+0x1b5/0x1f0
[   29.874396]  [<ffffffff838c2c35>] int_ret_from_sys_call+0x25/0xa3
[   29.880602] 
[   29.882204] Allocated by task 3654:
[   29.885795]  [<ffffffff810341d6>] save_stack_trace+0x26/0x50
[   29.891683]  [<ffffffff814f8803>] save_stack+0x43/0xd0
[   29.897045]  [<ffffffff814f8ae7>] kasan_kmalloc+0xc7/0xe0
[   29.902666]  [<ffffffff814f5204>] __kmalloc+0x124/0x310
[   29.908112]  [<ffffffff835a04f9>] l2tp_session_create+0x39/0x1030
[   29.914429]  [<ffffffff835a5200>] pppol2tp_connect+0x10f0/0x1910
[   29.920661]  [<ffffffff82f1edf8>] SYSC_connect+0x1b8/0x300
[   29.926371]  [<ffffffff82f21734>] SyS_connect+0x24/0x30
[   29.931823]  [<ffffffff838c2aa5>] entry_SYSCALL_64_fastpath+0x22/0x9e
[   29.938497] 
[   29.940094] Freed by task 3654:
[   29.943338]  [<ffffffff810341d6>] save_stack_trace+0x26/0x50
[   29.949323]  [<ffffffff814f8803>] save_stack+0x43/0xd0
[   29.954702]  [<ffffffff814f9132>] kasan_slab_free+0x72/0xc0
[   29.960497]  [<ffffffff814f6634>] kfree+0xf4/0x310
[   29.965522]  [<ffffffff8359d460>] l2tp_session_free+0x170/0x200
[   29.971671]  [<ffffffff8359f819>] l2tp_tunnel_closeall+0x2b9/0x350
[   29.978080]  [<ffffffff835a032b>] l2tp_udp_encap_destroy+0x8b/0xf0
[   29.984487]  [<ffffffff832cc1e8>] udp_destroy_sock+0x118/0x1a0
[   29.990546]  [<ffffffff82f2fcad>] sk_common_release+0x6d/0x300
[   29.996600]  [<ffffffff832ca1f5>] udp_lib_close+0x15/0x20
[   30.002226]  [<ffffffff832f8f7f>] inet_release+0xff/0x1d0
[   30.007946]  [<ffffffff82f1a3d6>] sock_release+0x96/0x1c0
[   30.013587]  [<ffffffff82f1a516>] sock_close+0x16/0x20
[   30.018955]  [<ffffffff81522d35>] __fput+0x235/0x6f0
[   30.024145]  [<ffffffff81523275>] ____fput+0x15/0x20
[   30.029335]  [<ffffffff8118bd7f>] task_work_run+0x10f/0x190
[   30.035141]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[   30.041635]  [<ffffffff81006535>] syscall_return_slowpath+0x1b5/0x1f0
[   30.048313]  [<ffffffff838c2c35>] int_ret_from_sys_call+0x25/0xa3
[   30.054631] 
[   30.056231] The buggy address belongs to the object at ffff8801cf1adb80
[   30.056231]  which belongs to the cache kmalloc-512 of size 512
[   30.068854] The buggy address is located 0 bytes inside of
[   30.068854]  512-byte region [ffff8801cf1adb80, ffff8801cf1add80)
[   30.080522] The buggy address belongs to the page:
[   30.089227] kasan: CONFIG_KASAN_INLINE enabled
[   30.093634] kasan: GPF could be caused by NULL-ptr deref or user memory accessBUG: unable to handle kernel NULL pointer dereference at           (null)
[   30.109305] IP: [<ffffffff8181acde>] do_get_write_access+0x1be/0x13b0
[   30.116027] PGD 1cfa88067 PUD 1cfad1067 PMD 0 
[   30.121011] Oops: 0002 [#1] PREEMPT SMP KASAN
[   30.126028] Dumping ftrace buffer:
[   30.129556]    (ftrace buffer empty)
[   30.133258] Modules linked in:
[   30.136573] CPU: 1 PID: 3658 Comm: init Not tainted 4.4.134-gcb3afe1 #53
[   30.143401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.152749] task: ffff8801cf5cb000 task.stack: ffff8801cefa8000
[   30.158795] RIP: 0010:[<ffffffff8181acde>]  [<ffffffff8181acde>] do_get_write_access+0x1be/0x13b0
[   30.167957] RSP: 0018:ffff8801cefaf740  EFLAGS: 00010282
[   30.173400] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000e4a
[   30.180669] RDX: 1ffff10039eb96a8 RSI: ffffffff844bdba0 RDI: ffff8801cf5cb540
[   30.187935] RBP: ffff8801cefaf838 R08: ffff8801cf5cb978 R09: 0000000000000001
[   30.195208] R10: 0000000000000000 R11: ffff8801cf5cb000 R12: dffffc0000000000
[   30.202480] R13: ffff8800ba09b738 R14: 00000000ffff9615 R15: ffff8801ce024580
[   30.209753] FS:  00007f1a4903c7a0(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   30.217985] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   30.223864] CR2: 0000000000000000 CR3: 00000001d2258000 CR4: 00000000001606f0
[   30.231137] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   30.238406] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   30.245665] Stack:
[   30.247833]  ffff8801cefaf800 0000000000000246 fffffbfff0941195 0000000000000000
[   30.255893]  ffff8801ce21167c 1ffff10039df5ef2 ffff8801d3d96600 ffff8801ce211660
[   30.263976]  ffff880100000000 ffff8800b14a0000 0000000041b58ab3 ffffffff841d91bb
[   30.272057] Call Trace:
[   30.274646]  [<ffffffff8181ab20>] ? __jbd2_journal_file_buffer+0x7c0/0x7c0
[   30.281692]  [<ffffffff81816f66>] ? jbd2_write_access_granted.part.6+0x176/0x2e0
[   30.289275]  [<ffffffff811a5f35>] ? preempt_count_add+0x85/0x170
[   30.295436]  [<ffffffff8181bf1d>] jbd2_journal_get_write_access+0x4d/0xa0
[   30.302369]  [<ffffffff817991cc>] __ext4_journal_get_write_access+0x4c/0x90
[   30.309473]  [<ffffffff816e8723>] ext4_reserve_inode_write+0xe3/0x180
[   30.316089]  [<ffffffff816f6a4b>] ? ext4_dirty_inode+0x7b/0xa0
[   30.322107]  [<ffffffff816e8933>] ext4_mark_inode_dirty+0x173/0xb80
[   30.328511]  [<ffffffff81277683>] ? rcu_read_lock_sched_held+0x103/0x120
[   30.335363]  [<ffffffff816e87c0>] ? ext4_reserve_inode_write+0x180/0x180
[   30.342210]  [<ffffffff8179869d>] ? __ext4_journal_start_sb+0x13d/0x500
[   30.348968]  [<ffffffff816f69d0>] ? ext4_setattr+0x20e0/0x20e0
[   30.354959]  [<ffffffff816f6a4b>] ext4_dirty_inode+0x7b/0xa0
[   30.360761]  [<ffffffff8159f9f8>] __mark_inode_dirty+0x408/0x1360
[   30.366998]  [<ffffffff812af9c4>] ? current_kernel_time64+0x104/0x120
[   30.373582]  [<ffffffff81570255>] generic_update_time+0x1a5/0x270
[   30.379814]  [<ffffffff815700b0>] ? inode_init_owner+0x290/0x290
[   30.385966]  [<ffffffff81570685>] file_update_time+0x285/0x3c0
[   30.391940]  [<ffffffff838bb5b4>] ? mutex_lock_nested+0x574/0x850
[   30.398177]  [<ffffffff81570400>] ? should_remove_suid+0xe0/0xe0
[   30.404321]  [<ffffffff838bb040>] ? mutex_lock_killable_nested+0x980/0x980
[   30.411335]  [<ffffffff81614bb5>] ? locks_free_lock+0xd5/0x130
[   30.417313]  [<ffffffff81423078>] __generic_file_write_iter+0x1c8/0x550
[   30.424073]  [<ffffffff8141d775>] ? generic_write_checks+0x245/0x410
[   30.430569]  [<ffffffff816c5585>] ext4_file_write_iter+0x405/0xc60
[   30.436906]  [<ffffffff816c5180>] ? ext4_unwritten_wait+0x1f0/0x1f0
[   30.443319]  [<ffffffff838c2035>] ? _raw_spin_unlock_irqrestore+0x45/0x70
[   30.450251]  [<ffffffff81e71d5c>] ? debug_check_no_obj_freed+0x2ec/0x940
[   30.457094]  [<ffffffff8151cd3d>] __vfs_write+0x30d/0x3f0
[   30.462634]  [<ffffffff8151ca30>] ? __vfs_read+0x3e0/0x3e0
[   30.468268]  [<ffffffff81277d63>] ? rcu_sync_lockdep_assert+0x73/0xb0
[   30.474852]  [<ffffffff81525d0f>] ? __sb_start_write+0x14f/0x310
[   30.481001]  [<ffffffff8151e921>] vfs_write+0x191/0x4e0
[   30.486363]  [<ffffffff81520f29>] SyS_write+0xd9/0x1c0
[   30.491640]  [<ffffffff81520e50>] ? SyS_read+0x1c0/0x1c0
[   30.497100]  [<ffffffff81003044>] ? lockdep_sys_exit_thunk+0x12/0x14
[   30.503597]  [<ffffffff838c2aa5>] entry_SYSCALL_64_fastpath+0x22/0x9e
[   30.510167] Code: 8b 1f 48 c1 e8 03 42 80 3c 20 00 0f 85 0b 0f 00 00 31 d2 be 60 01 00 00 48 c7 c7 60 98 af 83 4c 8b 35 27 e3 be 02 e8 f2 99 98 ff <f0> 0f ba 2b 02 0f 82 24 04 00 00 e8 c2 67 b3 ff e8 bd 67 b3 ff 
[   30.537754] RIP  [<ffffffff8181acde>] do_get_write_access+0x1be/0x13b0
[   30.544550]  RSP <ffff8801cefaf740>
[   30.548162] CR2: 0000000000000000
[   30.551638] BUG: unable to handle kernel paging request at fffffffdfd782880
[   30.558994] IP: [<ffffffff81224cb5>] cpuacct_charge+0x155/0x380
[   30.565185] PGD 440f067 PUD 0 
[   30.568713] Oops: 0000 [#2] PREEMPT SMP KASAN
[   30.573720] Dumping ftrace buffer:
[   30.577247]    (ftrace buffer empty)
[   30.580944] Modules linked in:
[   30.584260] CPU: 1 PID: 3658 Comm: init Tainted: G      D         4.4.134-gcb3afe1 #53
[   30.592303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.602096] task: ffff8801cf5cb000 task.stack: ffff8801cefa8000
[   30.608147] RIP: 0010:[<ffffffff81224cb5>]  [<ffffffff81224cb5>] cpuacct_charge+0x155/0x380
[   30.616781] RSP: 0018:ffff8801db307a00  EFLAGS: 00010046
[   30.622224] RAX: 1ffffffff089500f RBX: 0000000000018528 RCX: ffffffff84a14c80
[   30.629490] RDX: fffffbffbfaf0510 RSI: fffffffdfd782880 RDI: ffffffff844a8078
[   30.636753] RBP: ffff8801db307a40 R08: 0000000000000000 R09: 0000000000000001
[   30.644019] R10: 0000000000000000 R11: ffff8801cf5cb000 R12: ffffffff844a7fa0
[   30.651290] R13: dffffc0000000000 R14: 000000001bff1783 R15: ffffffffcf1adb80
[   30.658560] FS:  00007f1a4903c7a0(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   30.666783] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   30.672660] CR2: fffffffdfd782880 CR3: 00000001d2258000 CR4: 00000000001606f0
[   30.679938] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   30.687207] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   30.694468] Stack:
[   30.696612]  ffffffff81224bc0 ffffffff811f10ac ffff88021fffd05b ffff8800b3263060
[   30.704670]  ffff8800b3263000 000000001bff1783 ffff8800b32630b0 0000000000000000
[   30.712723]  ffff8801db307a88 ffffffff811d9239 0000000000000005 ffff8801db21f4d8
[   30.720763] Call Trace:
[   30.723330]  <IRQ> 
[   30.725391]  [<ffffffff81224bc0>] ? cpuacct_charge+0x60/0x380
[   30.731572]  [<ffffffff811f10ac>] ? select_task_rq_fair+0x37c/0x2d80
[   30.738067]  [<ffffffff811d9239>] update_curr+0x2c9/0x6d0
[   30.743605]  [<ffffffff811e443a>] enqueue_task_fair+0x2fa/0x2790
[   30.749760]  [<ffffffff811d31fb>] ? sched_clock_cpu+0x14b/0x1c0
[   30.755822]  [<ffffffff811bb91d>] activate_task+0x14d/0x280
[   30.761542]  [<ffffffff811bc94f>] ttwu_do_activate.constprop.109+0xbf/0x1e0
[   30.768652]  [<ffffffff811bfb60>] try_to_wake_up+0x660/0xf00
[   30.774465]  [<ffffffff81320a40>] ? from_kuid_munged+0x1b0/0x2a0
[   30.780616]  [<ffffffff811c0585>] default_wake_function+0x35/0x50
[   30.786853]  [<ffffffff8121b383>] autoremove_wake_function+0x13/0x90
[   30.793348]  [<ffffffff81e6ebbb>] ? check_preemption_disabled+0x3b/0x170
[   30.800188]  [<ffffffff81219ed6>] __wake_up_common+0xb6/0x150
[   30.806074]  [<ffffffff81219fa4>] __wake_up+0x34/0x50
[   30.811261]  [<ffffffff8125e8f0>] wake_up_klogd_work_func+0x80/0x90
[   30.817674]  [<ffffffff813d5427>] irq_work_run_list+0xd7/0x140
[   30.823651]  [<ffffffff813d5aa6>] irq_work_tick+0x116/0x170
[   30.829371]  [<ffffffff8129a809>] update_process_times+0x69/0x70
[   30.835519]  [<ffffffff812c5195>] tick_sched_handle.isra.15+0x55/0xf0
[   30.842098]  [<ffffffff812c5822>] tick_sched_timer+0x72/0x120
[   30.847984]  [<ffffffff812c57b0>] ? tick_sched_do_timer+0xa0/0xa0
[   30.854215]  [<ffffffff8129dd4d>] __hrtimer_run_queues+0x3ad/0x1000
[   30.860621]  [<ffffffff8129d9a0>] ? retrigger_next_event+0x1c0/0x1c0
[   30.867120]  [<ffffffff810cbeb3>] ? kvm_clock_read+0x23/0x40
[   30.872922]  [<ffffffff810cbed9>] ? kvm_clock_get_cycles+0x9/0x10
[   30.879153]  [<ffffffff8129f43d>] ? hrtimer_interrupt+0x12d/0x430
[   30.885387]  [<ffffffff8129f4c1>] hrtimer_interrupt+0x1b1/0x430
[   30.891449]  [<ffffffff810ad614>] local_apic_timer_interrupt+0x74/0xa0
[   30.898113]  [<ffffffff838c56cc>] smp_apic_timer_interrupt+0x7c/0xa0
[   30.904610]  [<ffffffff838c4610>] apic_timer_interrupt+0xa0/0xb0
[   30.910744]  <EOI> 
[   30.912814]  [<ffffffff8112f95c>] ? add_taint+0x1c/0x50
[   30.918480]  [<ffffffff810167d6>] ? oops_end+0x56/0xb0
[   30.923761]  [<ffffffff810d6bf8>] no_context+0x378/0x7b0
[   30.929210]  [<ffffffff810d6880>] ? pgtable_bad+0x110/0x110
[   30.934920]  [<ffffffff81229682>] ? __lock_is_held+0xa2/0xf0
[   30.940715]  [<ffffffff810d7290>] __bad_area_nosemaphore+0x260/0x310
[   30.947205]  [<ffffffff810d73e6>] bad_area+0x66/0x80
[   30.952312]  [<ffffffff810d7ea7>] __do_page_fault+0x767/0xa10
[   30.958193]  [<ffffffff810d8177>] do_page_fault+0x27/0x30
[   30.963994]  [<ffffffff838c3e88>] page_fault+0x28/0x30
[   30.969276]  [<ffffffff8181acde>] ? do_get_write_access+0x1be/0x13b0
[   30.975764]  [<ffffffff8181ab20>] ? __jbd2_journal_file_buffer+0x7c0/0x7c0
[   30.982778]  [<ffffffff81816f66>] ? jbd2_write_access_granted.part.6+0x176/0x2e0
[   30.990322]  [<ffffffff811a5f35>] ? preempt_count_add+0x85/0x170
[   30.996475]  [<ffffffff8181bf1d>] jbd2_journal_get_write_access+0x4d/0xa0
[   31.003408]  [<ffffffff817991cc>] __ext4_journal_get_write_access+0x4c/0x90
[   31.010515]  [<ffffffff816e8723>] ext4_reserve_inode_write+0xe3/0x180
[   31.017103]  [<ffffffff816f6a4b>] ? ext4_dirty_inode+0x7b/0xa0
[   31.023086]  [<ffffffff816e8933>] ext4_mark_inode_dirty+0x173/0xb80
[   31.029497]  [<ffffffff81277683>] ? rcu_read_lock_sched_held+0x103/0x120
[   31.036345]  [<ffffffff816e87c0>] ? ext4_reserve_inode_write+0x180/0x180
[   31.043192]  [<ffffffff8179869d>] ? __ext4_journal_start_sb+0x13d/0x500
[   31.049948]  [<ffffffff816f69d0>] ? ext4_setattr+0x20e0/0x20e0
[   31.055928]  [<ffffffff816f6a4b>] ext4_dirty_inode+0x7b/0xa0
[   31.061731]  [<ffffffff8159f9f8>] __mark_inode_dirty+0x408/0x1360
[   31.067966]  [<ffffffff812af9c4>] ? current_kernel_time64+0x104/0x120
[   31.074557]  [<ffffffff81570255>] generic_update_time+0x1a5/0x270
[   31.080792]  [<ffffffff815700b0>] ? inode_init_owner+0x290/0x290
[   31.086943]  [<ffffffff81570685>] file_update_time+0x285/0x3c0
[   31.092920]  [<ffffffff838bb5b4>] ? mutex_lock_nested+0x574/0x850
[   31.099155]  [<ffffffff81570400>] ? should_remove_suid+0xe0/0xe0
[   31.105319]  [<ffffffff838bb040>] ? mutex_lock_killable_nested+0x980/0x980
[   31.112341]  [<ffffffff81614bb5>] ? locks_free_lock+0xd5/0x130
[   31.118333]  [<ffffffff81423078>] __generic_file_write_iter+0x1c8/0x550
[   31.125089]  [<ffffffff8141d775>] ? generic_write_checks+0x245/0x410
[   31.131585]  [<ffffffff816c5585>] ext4_file_write_iter+0x405/0xc60
[   31.137907]  [<ffffffff816c5180>] ? ext4_unwritten_wait+0x1f0/0x1f0
[   31.144315]  [<ffffffff838c2035>] ? _raw_spin_unlock_irqrestore+0x45/0x70
[   31.151243]  [<ffffffff81e71d5c>] ? debug_check_no_obj_freed+0x2ec/0x940
[   31.158085]  [<ffffffff8151cd3d>] __vfs_write+0x30d/0x3f0
[   31.163628]  [<ffffffff8151ca30>] ? __vfs_read+0x3e0/0x3e0
[   31.169251]  [<ffffffff81277d63>] ? rcu_sync_lockdep_assert+0x73/0xb0
[   31.175832]  [<ffffffff81525d0f>] ? __sb_start_write+0x14f/0x310
[   31.181977]  [<ffffffff8151e921>] vfs_write+0x191/0x4e0
[   31.187419]  [<ffffffff81520f29>] SyS_write+0xd9/0x1c0
[   31.192699]  [<ffffffff81520e50>] ? SyS_read+0x1c0/0x1c0
[   31.198150]  [<ffffffff81003044>] ? lockdep_sys_exit_thunk+0x12/0x14
[   31.204648]  [<ffffffff838c2aa5>] entry_SYSCALL_64_fastpath+0x22/0x9e
[   31.211222] Code: 49 8d bc 24 d8 00 00 00 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 c4 01 00 00 49 8b 9c 24 d8 00 00 00 80 3a 00 0f 85 8f 01 00 00 <4a> 03 1c f9 48 89 d8 48 c1 e8 03 42 80 3c 28 00 0f 85 be 01 00 
[   31.238880] RIP  [<ffffffff81224cb5>] cpuacct_charge+0x155/0x380
[   31.245156]  RSP <ffff8801db307a00>
[   31.248766] CR2: fffffffdfd782880
[   31.252212] ---[ end trace e19391e26d4adb99 ]---
[   31.256955] Kernel panic - not syncing: Fatal exception in interrupt
[   31.743351] PANIC: double fault, error_code: 0x0
[   31.748125] CPU: 0 PID: 3657 Comm: syz-executor116 Tainted: G      D         4.4.134-gcb3afe1 #53
[   31.757106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.766435] task: ffff8800b3263000 task.stack: ffff8801cef58000
[   31.772462] RIP: 0010:[<ffffffff8148cec2>]  [<ffffffff8148cec2>] dump_page_badflags+0x12/0x70
[   31.781229] RSP: 0018:ffff880100000000  EFLAGS: 00010046
[   31.786660] RAX: ffff8800b3263000 RBX: ffffea00073c6b00 RCX: 0000000000000000
[   31.793903] RDX: 0000000000000000 RSI: ffffffff83aa9ee0 RDI: ffffea00073c6b00
[   31.801148] RBP: ffff880100000020 R08: 0000000000000001 R09: 0000000000000000
[   31.808392] R10: 0000000000000001 R11: ffffffff858ed134 R12: 0000000000000000
[   31.815639] R13: ffffffff83aa9ee0 R14: ffff8801cf1adb80 R15: ffff8801cf1add80
[   31.822888] FS:  00007f11e04e2700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   31.831088] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   31.836946] CR2: ffff8800fffffff8 CR3: 00000000b7233000 CR4: 00000000001606f0
[   31.844194] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   31.851437] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   31.858677] Stack:
[   31.860797] 
[   31.862397] Call Trace:
[   31.864960]  <UNK> 
[   31.866992] Code: 41 9f 84 5b 5d c3 48 89 df e8 9b c8 06 00 eb dd 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 49 89 f5 41 54 49 89 d4 <53> 48 89 fb 48 83 ec 08 e8 e1 45 ec ff 48 89 da 48 b8 00 00 00 
[   32.373835] Shutting down cpus with NMI
[   32.378262] Dumping ftrace buffer:
[   32.381774]    (ftrace buffer empty)
[   32.385455] Kernel Offset: disabled
[   32.389050] Rebooting in 86400 seconds..