[....] Starting enhanced syslogd: rsyslogd[ 13.332517] audit: type=1400 audit(1517193506.072:5): avc: denied { syslog } for pid=3522 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [ ok ]. [....] Starting periodic command scheduler: cron [ ok ]. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.805529] audit: type=1400 audit(1517193512.545:6): avc: denied { map } for pid=3661 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts. [ 34.775387] audit: type=1400 audit(1517193527.515:7): avc: denied { map } for pid=3678 comm="syzkaller424624" path="/root/syzkaller424624462" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 34.802705] audit: type=1400 audit(1517193527.522:8): avc: denied { sys_admin } for pid=3686 comm="syzkaller424624" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 34.967072] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz5.accept_dad = 0 net.ipv6.conf.syz5.router_solicitations = 0 [ 35.048840] audit: type=1400 audit(1517193527.787:9): avc: denied { net_admin } for pid=3688 comm="syzkaller424624" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 RTNETLINK answers: Operation not supported [ 35.183178] IPVS: ftp: loaded support on 
port[0] = 21 net.ipv6.conf.syz7.accept_dad = 0 RTNETLINK answers: No buffer space available net.ipv6.conf.syz7.router_solicitations = 0 RTNETLINK answers: Operation not supported [ 35.251373] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported [ 35.352341] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz3.accept_dad = 0 net.ipv6.conf.syz3.router_solicitations = 0 RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument [ 35.488636] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz1.accept_dad = 0 RTNETLINK answers: No buffer space available net.ipv6.conf.syz1.router_solicitations = 0 [ 35.540290] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 35.568974] IPVS: ftp: loaded support on port[0] = 21 RTNETLINK answers: Operation not supported net.ipv6.conf.syz2.accept_dad = 0 RTNETLINK answers: Invalid argument net.ipv6.conf.syz2.router_solicitations = 0 RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument [ 35.709138] IPVS: ftp: loaded support on port[0] = 21 RTNETLINK answers: Operation not supported net.ipv6.conf.syz0.accept_dad = 0 [ 35.767955] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz0.router_solicitations = 0 RTNETLINK answers: Operation not supported net.ipv6.conf.syz4.accept_dad = 0 [ 35.870876] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz4.router_solicitations = 0 net.ipv6.conf.syz6.accept_dad = 0 [ 35.924853] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: No buffer space available net.ipv6.conf.syz6.router_solicitations = 0 RTNETLINK answers: Operation not supported [ 36.029508] audit: type=1400 audit(1517193528.769:10): avc: denied { sys_chroot } for pid=3688 comm="syzkaller424624" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 executing program RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported executing program RTNETLINK answers: Operation not supported executing program RTNETLINK answers: Operation not supported executing program RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument executing program [ 36.316446] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: No buffer space available executing program RTNETLINK answers: Operation not supported [ 36.393669] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Invalid argument executing program RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported executing program executing program RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument executing program [ 36.667966] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported executing program [ 36.734449] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 36.744380] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: No buffer space available RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument executing program RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported executing program RTNETLINK answers: Operation not supported executing program RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Operation not supported executing program RTNETLINK answers: Operation not supported 
executing program executing program RTNETLINK answers: Operation not supported executing program RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Operation not supported executing program executing program RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported executing program executing program executing program executing program RTNETLINK answers: Invalid argument executing program RTNETLINK answers: Invalid argument executing program executing program executing program RTNETLINK answers: Invalid argument RTNETLINK answers: Operation not supported executing program RTNETLINK answers: Operation not supported executing program RTNETLINK answers: Invalid argument RTNETLINK answers: Operation not supported executing program executing program executing program executing program RTNETLINK answers: Invalid argument executing program RTNETLINK answers: Invalid argument executing program RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program executing program RTNETLINK answers: Invalid argument executing program executing program executing program executing program executing program executing program RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program RTNETLINK answers: Invalid argument executing program executing program executing program executing program executing program executing program RTNETLINK answers: Invalid argument executing program executing program executing program RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 
executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 45.948055] ================================================================== [ 45.955492] BUG: KASAN: use-after-free in __lock_acquire+0x3d4d/0x3e00 [ 45.962157] Read of size 8 at addr ffff8801d4c0c2a0 by task syzkaller424624/9009 [ 45.969677] [ 45.971306] CPU: 0 PID: 9009 Comm: syzkaller424624 Not tainted 4.15.0-rc9+ #284 [ 45.978740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS 
Google 01/01/2011 [ 45.988081] Call Trace: [ 45.990661] dump_stack+0x194/0x257 [ 45.994271] ? arch_local_irq_restore+0x53/0x53 [ 45.998940] ? show_regs_print_info+0x18/0x18 [ 46.003436] ? check_noncircular+0x20/0x20 [ 46.007664] ? __lock_acquire+0x3d4d/0x3e00 [ 46.011977] print_address_description+0x73/0x250 [ 46.016808] ? __lock_acquire+0x3d4d/0x3e00 [ 46.021109] kasan_report+0x25b/0x340 [ 46.024891] __asan_report_load8_noabort+0x14/0x20 [ 46.029801] __lock_acquire+0x3d4d/0x3e00 [ 46.033930] ? check_noncircular+0x20/0x20 [ 46.038156] ? remove_wait_queue+0x81/0x350 [ 46.042473] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 46.047662] ? lock_downgrade+0x980/0x980 [ 46.051782] ? __schedule+0x2060/0x2060 [ 46.055736] ? find_held_lock+0x35/0x1d0 [ 46.059782] ? wait_for_completion+0xe0/0x770 [ 46.064246] ? lock_downgrade+0x980/0x980 [ 46.068363] ? lock_release+0xa40/0xa40 [ 46.072314] ? usleep_range+0x190/0x190 [ 46.076266] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 46.082120] ? kasan_slab_free+0x71/0xc0 [ 46.086151] ? do_raw_spin_trylock+0x190/0x190 [ 46.090707] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.095176] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 46.100165] ? trace_hardirqs_on+0xd/0x10 [ 46.104291] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.108765] ? wait_for_completion+0xe0/0x770 [ 46.113233] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 46.119019] ? __lockdep_init_map+0xe4/0x650 [ 46.123406] ? llist_add_batch+0xf3/0x180 [ 46.127528] lock_acquire+0x1d5/0x580 [ 46.131301] ? lock_acquire+0x1d5/0x580 [ 46.135247] ? remove_wait_queue+0x81/0x350 [ 46.139541] ? wake_up_process+0x10/0x20 [ 46.143573] ? lock_release+0xa40/0xa40 [ 46.147521] ? vhost_work_queue+0xc0/0xc0 [ 46.151647] ? vhost_poll_stop+0x90/0x90 [ 46.155685] ? wait_for_completion+0x770/0x770 [ 46.160247] _raw_spin_lock_irqsave+0x96/0xc0 [ 46.164726] ? remove_wait_queue+0x81/0x350 [ 46.169026] remove_wait_queue+0x81/0x350 [ 46.173159] ? add_wait_queue+0x290/0x290 [ 46.177280] ? 
vhost_poll_flush+0x3f/0x60 [ 46.181401] ? vhost_net_flush+0x209/0x2a0 [ 46.185610] vhost_dev_stop+0x15c/0x2a0 [ 46.189566] ? vhost_net_compat_ioctl+0x30/0x30 [ 46.194217] vhost_net_release+0x6e/0x190 [ 46.198343] __fput+0x327/0x7e0 [ 46.201598] ? fput+0x140/0x140 [ 46.204868] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 46.210728] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.215198] ____fput+0x15/0x20 [ 46.218450] task_work_run+0x199/0x270 [ 46.222317] ? task_work_cancel+0x210/0x210 [ 46.226632] ? _raw_spin_unlock+0x22/0x30 [ 46.230782] ? switch_task_namespaces+0x87/0xc0 [ 46.235429] do_exit+0x9bb/0x1ad0 [ 46.238868] ? mm_update_next_owner+0x930/0x930 [ 46.243514] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 46.248681] ? __might_sleep+0x95/0x190 [ 46.252635] ? find_held_lock+0x35/0x1d0 [ 46.256680] ? futex_wait+0x402/0x9a0 [ 46.260459] ? lock_downgrade+0x980/0x980 [ 46.264582] ? __unqueue_futex+0x1c0/0x290 [ 46.268788] ? lock_release+0xa40/0xa40 [ 46.272746] ? fault_in_user_writeable+0x90/0x90 [ 46.277485] ? do_raw_spin_trylock+0x190/0x190 [ 46.282044] ? futex_wake+0x680/0x680 [ 46.285819] ? check_noncircular+0x20/0x20 [ 46.290033] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 46.295122] ? futex_wait+0x6a9/0x9a0 [ 46.298907] ? find_held_lock+0x35/0x1d0 [ 46.302946] ? get_signal+0x7ae/0x16c0 [ 46.306805] ? lock_downgrade+0x980/0x980 [ 46.310934] do_group_exit+0x149/0x400 [ 46.314804] ? do_raw_spin_trylock+0x190/0x190 [ 46.319359] ? SyS_exit+0x30/0x30 [ 46.322788] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.327255] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 46.332244] get_signal+0x73f/0x16c0 [ 46.335952] ? ptrace_notify+0x130/0x130 [ 46.339996] ? exit_robust_list+0x240/0x240 [ 46.344294] ? __kernel_text_address+0xd/0x40 [ 46.348765] ? unwind_get_return_address+0x61/0xa0 [ 46.353689] ? __save_stack_trace+0x7e/0xd0 [ 46.357997] ? depot_save_stack+0x12c/0x490 [ 46.362298] do_signal+0x90/0x1eb0 [ 46.365811] ? save_stack+0x43/0xd0 [ 46.369414] ? kasan_slab_free+0x71/0xc0 [ 46.373456] ? 
kmem_cache_free+0x83/0x2a0 [ 46.377575] ? putname+0xee/0x130 [ 46.381015] ? do_sys_open+0x31b/0x6d0 [ 46.384878] ? SyS_openat+0x30/0x40 [ 46.388477] ? entry_SYSCALL_64_fastpath+0x29/0xa0 [ 46.393390] ? setup_sigcontext+0x7d0/0x7d0 [ 46.397695] ? free_obj_work+0x690/0x690 [ 46.401727] ? __fd_install+0x288/0x740 [ 46.405675] ? get_unused_fd_flags+0x190/0x190 [ 46.410227] ? may_open_dev+0xe0/0xe0 [ 46.414000] ? rcu_pm_notify+0xc0/0xc0 [ 46.417865] ? exit_to_usermode_loop+0x8c/0x310 [ 46.422521] exit_to_usermode_loop+0x214/0x310 [ 46.427076] ? putname+0xee/0x130 [ 46.430505] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 46.436029] syscall_return_slowpath+0x490/0x550 [ 46.440763] ? prepare_exit_to_usermode+0x340/0x340 [ 46.445758] ? entry_SYSCALL_64_fastpath+0x73/0xa0 [ 46.450660] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 46.455650] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 46.460381] entry_SYSCALL_64_fastpath+0x9e/0xa0 [ 46.465111] RIP: 0033:0x44c179 [ 46.468274] RSP: 002b:00007f9cf134acf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 46.475956] RAX: fffffffffffffe00 RBX: 0000000000700024 RCX: 000000000044c179 [ 46.483210] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000700024 [ 46.490456] RBP: 0000000000700020 R08: 0000000000000000 R09: 0000000000000000 [ 46.497700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 46.504943] R13: 000000000080f40f R14: 00007f9cf134b9c0 R15: 0000000000000007 [ 46.512200] [ 46.513806] Allocated by task 9009: [ 46.517407] save_stack+0x43/0xd0 [ 46.520835] kasan_kmalloc+0xad/0xe0 [ 46.524519] kmem_cache_alloc_trace+0x136/0x750 [ 46.529160] eventfd_file_create.part.3+0x96/0x250 [ 46.534060] SyS_eventfd+0x2c/0x80 [ 46.537587] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 46.542310] [ 46.543910] Freed by task 9009: [ 46.547161] save_stack+0x43/0xd0 [ 46.550589] kasan_slab_free+0x71/0xc0 [ 46.554448] kfree+0xd6/0x260 [ 46.557537] eventfd_ctx_put+0x26/0x30 [ 46.561403] eventfd_release+0x52/0x60 [ 46.565263] __fput+0x327/0x7e0 
[ 46.568515] ____fput+0x15/0x20 [ 46.571769] task_work_run+0x199/0x270 [ 46.575632] do_exit+0x9bb/0x1ad0 [ 46.579062] do_group_exit+0x149/0x400 [ 46.582920] get_signal+0x73f/0x16c0 [ 46.586606] do_signal+0x90/0x1eb0 [ 46.590125] exit_to_usermode_loop+0x214/0x310 [ 46.594685] syscall_return_slowpath+0x490/0x550 [ 46.599421] entry_SYSCALL_64_fastpath+0x9e/0xa0 [ 46.604145] [ 46.605746] The buggy address belongs to the object at ffff8801d4c0c280 [ 46.605746] which belongs to the cache kmalloc-96 of size 96 [ 46.618201] The buggy address is located 32 bytes inside of [ 46.618201] 96-byte region [ffff8801d4c0c280, ffff8801d4c0c2e0) [ 46.629875] The buggy address belongs to the page: [ 46.634782] page:ffffea0007530300 count:1 mapcount:0 mapping:ffff8801d4c0c000 index:0x0 [ 46.642898] flags: 0x2fffc0000000100(slab) [ 46.647108] raw: 02fffc0000000100 ffff8801d4c0c000 0000000000000000 0000000100000020 [ 46.654964] raw: ffffea00076b59e0 ffffea0007539c60 ffff8801dac004c0 0000000000000000 [ 46.662830] page dumped because: kasan: bad access detected [ 46.668518] [ 46.670115] Memory state around the buggy address: [ 46.675023] ffff8801d4c0c180: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 46.682359] ffff8801d4c0c200: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 46.689689] >ffff8801d4c0c280: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 46.697022] ^ [ 46.701400] ffff8801d4c0c300: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 46.708738] ffff8801d4c0c380: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 46.716075] ================================================================== [ 46.723419] Disabling lock debugging due to kernel taint [ 46.728841] Kernel panic - not syncing: panic_on_warn set ... 
[ 46.728841] [ 46.736179] CPU: 0 PID: 9009 Comm: syzkaller424624 Tainted: G B 4.15.0-rc9+ #284 [ 46.744895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.754228] Call Trace: [ 46.756792] dump_stack+0x194/0x257 [ 46.760391] ? arch_local_irq_restore+0x53/0x53 [ 46.765037] ? kasan_end_report+0x32/0x50 [ 46.769159] ? lock_downgrade+0x980/0x980 [ 46.773294] ? vsnprintf+0x1ed/0x1900 [ 46.777065] ? __lock_acquire+0x3cd0/0x3e00 [ 46.781356] panic+0x1e4/0x41c [ 46.784522] ? refcount_error_report+0x214/0x214 [ 46.789246] ? add_taint+0x40/0x50 [ 46.792753] ? add_taint+0x1c/0x50 [ 46.796267] ? __lock_acquire+0x3d4d/0x3e00 [ 46.800573] kasan_end_report+0x50/0x50 [ 46.804523] kasan_report+0x144/0x340 [ 46.808294] __asan_report_load8_noabort+0x14/0x20 [ 46.813205] __lock_acquire+0x3d4d/0x3e00 [ 46.817323] ? check_noncircular+0x20/0x20 [ 46.821529] ? remove_wait_queue+0x81/0x350 [ 46.825832] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 46.830988] ? lock_downgrade+0x980/0x980 [ 46.835115] ? __schedule+0x2060/0x2060 [ 46.839068] ? find_held_lock+0x35/0x1d0 [ 46.843099] ? wait_for_completion+0xe0/0x770 [ 46.847566] ? lock_downgrade+0x980/0x980 [ 46.851686] ? lock_release+0xa40/0xa40 [ 46.855632] ? usleep_range+0x190/0x190 [ 46.859578] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 46.865435] ? kasan_slab_free+0x71/0xc0 [ 46.869472] ? do_raw_spin_trylock+0x190/0x190 [ 46.874036] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.878505] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 46.883497] ? trace_hardirqs_on+0xd/0x10 [ 46.887622] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.892088] ? wait_for_completion+0xe0/0x770 [ 46.896575] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 46.902344] ? __lockdep_init_map+0xe4/0x650 [ 46.906734] ? llist_add_batch+0xf3/0x180 [ 46.910855] lock_acquire+0x1d5/0x580 [ 46.914634] ? lock_acquire+0x1d5/0x580 [ 46.918583] ? remove_wait_queue+0x81/0x350 [ 46.922896] ? wake_up_process+0x10/0x20 [ 46.926929] ? 
lock_release+0xa40/0xa40 [ 46.930878] ? vhost_work_queue+0xc0/0xc0 [ 46.935016] ? vhost_poll_stop+0x90/0x90 [ 46.939051] ? wait_for_completion+0x770/0x770 [ 46.943605] _raw_spin_lock_irqsave+0x96/0xc0 [ 46.948081] ? remove_wait_queue+0x81/0x350 [ 46.952399] remove_wait_queue+0x81/0x350 [ 46.956534] ? add_wait_queue+0x290/0x290 [ 46.960653] ? vhost_poll_flush+0x3f/0x60 [ 46.964770] ? vhost_net_flush+0x209/0x2a0 [ 46.968979] vhost_dev_stop+0x15c/0x2a0 [ 46.972935] ? vhost_net_compat_ioctl+0x30/0x30 [ 46.977584] vhost_net_release+0x6e/0x190 [ 46.981709] __fput+0x327/0x7e0 [ 46.984962] ? fput+0x140/0x140 [ 46.988224] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 46.994090] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.998560] ____fput+0x15/0x20 [ 47.001813] task_work_run+0x199/0x270 [ 47.005673] ? task_work_cancel+0x210/0x210 [ 47.009975] ? _raw_spin_unlock+0x22/0x30 [ 47.014095] ? switch_task_namespaces+0x87/0xc0 [ 47.018737] do_exit+0x9bb/0x1ad0 [ 47.022163] ? mm_update_next_owner+0x930/0x930 [ 47.026806] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 47.031983] ? __might_sleep+0x95/0x190 [ 47.035928] ? find_held_lock+0x35/0x1d0 [ 47.039972] ? futex_wait+0x402/0x9a0 [ 47.043754] ? lock_downgrade+0x980/0x980 [ 47.047881] ? __unqueue_futex+0x1c0/0x290 [ 47.052088] ? lock_release+0xa40/0xa40 [ 47.056036] ? fault_in_user_writeable+0x90/0x90 [ 47.060764] ? do_raw_spin_trylock+0x190/0x190 [ 47.065316] ? futex_wake+0x680/0x680 [ 47.069091] ? check_noncircular+0x20/0x20 [ 47.073305] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 47.078378] ? futex_wait+0x6a9/0x9a0 [ 47.082165] ? find_held_lock+0x35/0x1d0 [ 47.086198] ? get_signal+0x7ae/0x16c0 [ 47.090055] ? lock_downgrade+0x980/0x980 [ 47.094349] do_group_exit+0x149/0x400 [ 47.098238] ? do_raw_spin_trylock+0x190/0x190 [ 47.102793] ? SyS_exit+0x30/0x30 [ 47.106216] ? _raw_spin_unlock_irq+0x27/0x70 [ 47.110681] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 47.115671] get_signal+0x73f/0x16c0 [ 47.119360] ? 
ptrace_notify+0x130/0x130 [ 47.123397] ? exit_robust_list+0x240/0x240 [ 47.127700] ? __kernel_text_address+0xd/0x40 [ 47.132168] ? unwind_get_return_address+0x61/0xa0 [ 47.137079] ? __save_stack_trace+0x7e/0xd0 [ 47.141374] ? depot_save_stack+0x12c/0x490 [ 47.145678] do_signal+0x90/0x1eb0 [ 47.149190] ? save_stack+0x43/0xd0 [ 47.152787] ? kasan_slab_free+0x71/0xc0 [ 47.156823] ? kmem_cache_free+0x83/0x2a0 [ 47.160938] ? putname+0xee/0x130 [ 47.164363] ? do_sys_open+0x31b/0x6d0 [ 47.168220] ? SyS_openat+0x30/0x40 [ 47.171818] ? entry_SYSCALL_64_fastpath+0x29/0xa0 [ 47.176722] ? setup_sigcontext+0x7d0/0x7d0 [ 47.181041] ? free_obj_work+0x690/0x690 [ 47.185075] ? __fd_install+0x288/0x740 [ 47.189028] ? get_unused_fd_flags+0x190/0x190 [ 47.193603] ? may_open_dev+0xe0/0xe0 [ 47.197380] ? rcu_pm_notify+0xc0/0xc0 [ 47.201240] ? exit_to_usermode_loop+0x8c/0x310 [ 47.205884] exit_to_usermode_loop+0x214/0x310 [ 47.210436] ? putname+0xee/0x130 [ 47.213870] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 47.219381] syscall_return_slowpath+0x490/0x550 [ 47.224109] ? prepare_exit_to_usermode+0x340/0x340 [ 47.229098] ? entry_SYSCALL_64_fastpath+0x73/0xa0 [ 47.234020] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 47.239015] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 47.243749] entry_SYSCALL_64_fastpath+0x9e/0xa0 [ 47.248475] RIP: 0033:0x44c179 [ 47.251636] RSP: 002b:00007f9cf134acf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 47.259320] RAX: fffffffffffffe00 RBX: 0000000000700024 RCX: 000000000044c179 [ 47.266585] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000700024 [ 47.273834] RBP: 0000000000700020 R08: 0000000000000000 R09: 0000000000000000 [ 47.281075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 47.288319] R13: 000000000080f40f R14: 00007f9cf134b9c0 R15: 0000000000000007 [ 47.296057] Dumping ftrace buffer: [ 47.299583] (ftrace buffer empty) [ 47.303265] Kernel Offset: disabled [ 47.306862] Rebooting in 86400 seconds..