kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access[   36.892398] BUG: spinlock bad magic on CPU#1, kworker/u4:3/3612
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 6265 Comm: syz-executor5 Not tainted 4.4.105-gdcfa5fe #7
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801da6d4680 task.stack: ffff8801d9ba0000
RIP: 0010:[<ffffffff81413651>]  [<ffffffff81413651>] __read_once_size include/linux/compiler.h:218 [inline]
RIP: 0010:[<ffffffff81413651>]  [<ffffffff81413651>] atomic_read arch/x86/include/asm/atomic.h:27 [inline]
RIP: 0010:[<ffffffff81413651>]  [<ffffffff81413651>] put_page_testzero include/linux/mm.h:357 [inline]
RIP: 0010:[<ffffffff81413651>]  [<ffffffff81413651>] __free_pages+0x21/0x90 mm/page_alloc.c:3365
RSP: 0018:ffff8801d9ba7af0  EFLAGS: 00010a07
RAX: dffffc0000000000 RBX: dead4ead00000000 RCX: 0000000000000020
RDX: 1bd5a9d5a0000003 RSI: 0000000000000001 RDI: dead4ead0000001c
RBP: ffff8801d9ba7b00 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800bb04a100
R13: dffffc0000000000 R14: 0000000000000004 R15: ffff8800bb04a268
FS:  00007f04b5488700(0000) GS:ffff8801db400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc6813bfbc CR3: 00000000b1a07000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801d9ba7b78 ffff8800bb04a258 ffff8801d9ba7b60 ffffffff8256476c
 ffff880100000000 ffff8800bb04a270 ffffed001760944b ffffed001760944e
 0000000000000020 ffff8800bb04a240 0000000000000000 0000000000000000
Call Trace:
 [<ffffffff8256476c>] sg_remove_scat.isra.18+0x19c/0x2b0 drivers/scsi/sg.c:1964
 [<ffffffff82564ae8>] sg_finish_rem_req+0x268/0x2f0 drivers/scsi/sg.c:1846
 [<ffffffff82564b92>] sg_new_read.isra.19+0x22/0x390 drivers/scsi/sg.c:578
 [<ffffffff82566509>] sg_read+0x709/0x1260 drivers/scsi/sg.c:467
 [<ffffffff814f631a>] __vfs_read+0xda/0x3e0 fs/read_write.c:432
 [<ffffffff814f7fb1>] vfs_read+0xe1/0x340 fs/read_write.c:454
 [<ffffffff814fa923>] SYSC_read fs/read_write.c:569 [inline]
 [<ffffffff814fa923>] SyS_read+0xd3/0x1c0 fs/read_write.c:562
 [<ffffffff8374a636>] entry_SYSCALL_64_fastpath+0x16/0x76
Code: 36 6e 0c 00 e9 78 fd ff ff 90 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 53 48 89 fb 48 83 c7 1c 48 89 fa 48 83 ec 08 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 49 
RIP  [<ffffffff81413651>] __read_once_size include/linux/compiler.h:218 [inline]
RIP  [<ffffffff81413651>] atomic_read arch/x86/include/asm/atomic.h:27 [inline]
RIP  [<ffffffff81413651>] put_page_testzero include/linux/mm.h:357 [inline]
RIP  [<ffffffff81413651>] __free_pages+0x21/0x90 mm/page_alloc.c:3365
 RSP <ffff8801d9ba7af0>
---[ end trace 6b71b89200c757d0 ]---
Kernel panic - not syncing: Fatal exception
 lock: 0xffff8801da7f2118, .magic: dead4eac, .owner: <none>/-1, .owner_cpu: -1
CPU: 1 PID: 3612 Comm: kworker/u4:3 Tainted: G      D         4.4.105-gdcfa5fe #7
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
 0000000000000000 8d9a1d00aa423dd3 ffff8801db5078d0 ffffffff81cc90ef
 ffff8801da7f2118 ffff8801cecd5e00 ffff8801db507910 ffffffff812387ad
 0000000000000000 0000000000000000 0000000000000001 ffff8801da7f2118
Call Trace:
 <IRQ>  [<ffffffff81cc90ef>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ>  [<ffffffff81cc90ef>] dump_stack+0x8e/0xcf lib/dump_stack.c:51
 [<ffffffff812387ad>] spin_dump+0x14d/0x280 kernel/locking/spinlock_debug.c:67
 [<ffffffff81238b98>] spin_bug kernel/locking/spinlock_debug.c:75 [inline]
 [<ffffffff81238b98>] debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]
 [<ffffffff81238b98>] do_raw_spin_lock+0x228/0x2c0 kernel/locking/spinlock_debug.c:135
 [<ffffffff8374a2b6>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:119 [inline]
 [<ffffffff8374a2b6>] _raw_spin_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:159
 [<ffffffff8121156e>] __wake_up+0x1e/0x50 kernel/sched/wait.c:94
 [<ffffffff82567965>] sg_rq_end_io+0x555/0xd20 drivers/scsi/sg.c:1396
 [<ffffffff81c5ea64>] __blk_mq_end_request+0x44/0xa0 block/blk-mq.c:311
 [<ffffffff824cf196>] scsi_end_request+0x116/0x5a0 drivers/scsi/scsi_lib.c:716
 [<ffffffff824d8751>] scsi_io_completion+0x1b01/0x1df0 drivers/scsi/scsi_lib.c:918
 [<ffffffff824bc1b3>] scsi_finish_command+0x373/0x4e0 drivers/scsi/scsi.c:607
 [<ffffffff824d58cc>] scsi_softirq_done+0x21c/0x330 drivers/scsi/scsi_lib.c:1654
 [<ffffffff81c60b55>] blk_mq_ipi_complete_request block/blk-mq.c:356 [inline]
 [<ffffffff81c60b55>] __blk_mq_complete_request+0x1e5/0x4b0 block/blk-mq.c:368
 [<ffffffff81c60e6f>] blk_mq_complete_request+0x4f/0x70 block/blk-mq.c:387
 [<ffffffff824d261c>] scsi_mq_done+0xec/0x350 drivers/scsi/scsi_lib.c:1964
 [<ffffffff824fa1e2>] virtscsi_complete_cmd+0x552/0x740 drivers/scsi/virtio_scsi.c:210
 [<ffffffff824f7f23>] virtscsi_vq_done+0xb3/0x130 drivers/scsi/virtio_scsi.c:228
 [<ffffffff824f8041>] virtscsi_req_done+0xa1/0xc0 drivers/scsi/virtio_scsi.c:243
 [<ffffffff81ee3b0a>] vring_interrupt+0xea/0x150 drivers/virtio/virtio_ring.c:722
 [<ffffffff8125cde7>] handle_irq_event_percpu+0xe7/0x850 kernel/irq/handle.c:146
 [<ffffffff8125d5f2>] handle_irq_event+0xa2/0x130 kernel/irq/handle.c:194
 [<ffffffff81266f01>] handle_edge_irq+0x1e1/0x840 kernel/irq/chip.c:623
 [<ffffffff81015950>] generic_handle_irq_desc include/linux/irqdesc.h:140 [inline]
 [<ffffffff81015950>] handle_irq+0x250/0x3a0 arch/x86/kernel/irq_64.c:78
 [<ffffffff8374cd29>] do_IRQ+0x89/0x1b0 arch/x86/kernel/irq.c:240
 [<ffffffff8374b14c>] common_interrupt+0x8c/0x8c arch/x86/entry/entry_64.S:553
 <EOI>  [<ffffffff8122f50f>] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:812 [inline]
 <EOI>  [<ffffffff8122f50f>] ? lock_acquire+0x19f/0x460 kernel/locking/lockdep.c:3595
 [<ffffffff83749846>] __raw_spin_lock include/linux/spinlock_api_smp.h:144 [inline]
 [<ffffffff83749846>] _raw_spin_lock+0x36/0x50 kernel/locking/spinlock.c:151
 [<ffffffff82f527cb>] spin_lock include/linux/spinlock.h:302 [inline]
 [<ffffffff82f527cb>] get_next_corpse net/netfilter/nf_conntrack_core.c:1385 [inline]
 [<ffffffff82f527cb>] nf_ct_iterate_cleanup+0xbb/0x4d0 net/netfilter/nf_conntrack_core.c:1425
 [<ffffffff82f68191>] nf_ct_l4proto_pernet_unregister+0x91/0xf0 net/netfilter/nf_conntrack_proto.c:473
 [<ffffffff833c3dd1>] ipv6_net_exit+0x41/0x50 net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c:379
 [<ffffffff82dd3eab>] ops_exit_list.isra.4+0x8b/0x120 net/core/net_namespace.c:134
 [<ffffffff82dd6b29>] cleanup_net+0x2d9/0x560 net/core/net_namespace.c:433
 [<ffffffff811747e4>] process_one_work+0x6b4/0x16e0 kernel/workqueue.c:2063
 [<ffffffff811758e5>] worker_thread+0xd5/0xef0 kernel/workqueue.c:2195
 [<ffffffff81184115>] kthread+0x245/0x310 kernel/kthread.c:211
 [<ffffffff8374a9ef>] ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..