Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
[  476.224281] audit: type=1400 audit(1555391102.268:36): avc:  denied  { map } for  pid=7817 comm="syz-executor671" path="/root/syz-executor671384224" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[  476.260516] IPVS: ftp: loaded support on port[0] = 21
executing program
[  476.291363] audit: type=1400 audit(1555391102.338:37): avc:  denied  { associate } for  pid=7818 comm="syz-executor671" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[  476.382170] IPVS: ftp: loaded support on port[0] = 21
executing program
[  476.593906] IPVS: ftp: loaded support on port[0] = 21
executing program
[  476.803559] IPVS: ftp: loaded support on port[0] = 21
executing program
[  477.013734] IPVS: ftp: loaded support on port[0] = 21
executing program
[  477.223758] IPVS: ftp: loaded support on port[0] = 21
executing program
[  477.436156] IPVS: ftp: loaded support on port[0] = 21
executing program
[  477.646812] IPVS: ftp: loaded support on port[0] = 21
executing program
[  477.857838] IPVS: ftp: loaded support on port[0] = 21
executing program
[  478.069180] IPVS: ftp: loaded support on port[0] = 21
executing program
[  478.282751] IPVS: ftp: loaded support on port[0] = 21
executing program
[  478.496927] IPVS: ftp: loaded support on port[0] = 21
executing program
[  478.714318] IPVS: ftp: loaded support on port[0] = 21
executing program
[  478.929242] IPVS: ftp: loaded support on port[0] = 21
executing program
[  479.144306] IPVS: ftp: loaded support on port[0] = 21
executing program
[  479.359092] IPVS: ftp: loaded support on port[0] = 21
executing program
[  479.575422] IPVS: ftp: loaded support on port[0] = 21
executing program
[  479.789025] IPVS: ftp: loaded support on port[0] = 21
executing program
[  480.001318] IPVS: ftp: loaded support on port[0] = 21
executing program
[  480.215939] IPVS: ftp: loaded support on port[0] = 21
executing program
[  480.430095] IPVS: ftp: loaded support on port[0] = 21
executing program
[  480.650005] IPVS: ftp: loaded support on port[0] = 21
executing program
[  480.862223] IPVS: ftp: loaded support on port[0] = 21
executing program
[  481.078320] IPVS: ftp: loaded support on port[0] = 21
executing program
[  481.292051] IPVS: ftp: loaded support on port[0] = 21
executing program
[  481.507778] IPVS: ftp: loaded support on port[0] = 21
executing program
[  481.732099] IPVS: ftp: loaded support on port[0] = 21
executing program
[  481.945522] IPVS: ftp: loaded support on port[0] = 21
executing program
[  482.156829] IPVS: ftp: loaded support on port[0] = 21
executing program
[  482.371792] IPVS: ftp: loaded support on port[0] = 21
[  482.397223] cgroup: fork rejected by pids controller in /syz0
[  482.531734] ==================================================================
[  482.540983] BUG: KASAN: use-after-free in get_mem_cgroup_from_mm+0x28f/0x2b0
[  482.548826] Read of size 8 at addr ffff888098c13788 by task syz-executor671/7933
[  482.559629] 
[  482.561587] CPU: 0 PID: 7933 Comm: syz-executor671 Not tainted 4.19.34 #2
[  482.569531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  482.579950] Call Trace:
[  482.582787]  dump_stack+0x172/0x1f0
[  482.586549]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[  482.591626]  print_address_description.cold+0x7c/0x20d
[  482.596972]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[  482.602048]  kasan_report.cold+0x8c/0x2ba
[  482.606747]  __asan_report_load8_noabort+0x14/0x20
[  482.611861]  get_mem_cgroup_from_mm+0x28f/0x2b0
[  482.617114]  mem_cgroup_try_charge+0x238/0x5e0
[  482.621892]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  482.627694]  mcopy_atomic+0x893/0x2600
[  482.631981]  ? find_held_lock+0x35/0x130
[  482.636549]  ? mm_alloc_pmd+0x300/0x300
[  482.640762]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  482.647259]  ? _copy_from_user+0xdd/0x150
[  482.651752]  userfaultfd_ioctl+0x4dd/0x39e0
[  482.656228]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[  482.662395]  ? userfaultfd_read+0x18c0/0x18c0
[  482.666929]  ? mark_held_locks+0x100/0x100
[  482.673206]  ? do_futex+0x178/0x1d50
[  482.678658]  ? file_has_perm+0x26d/0x390
[  482.683961]  ? find_held_lock+0x35/0x130
[  482.688872]  ? __fget+0x340/0x540
[  482.693136]  ? userfaultfd_read+0x18c0/0x18c0
[  482.697900]  do_vfs_ioctl+0xd6e/0x1390
[  482.702613]  ? userfaultfd_read+0x18c0/0x18c0
[  482.707652]  ? do_vfs_ioctl+0xd6e/0x1390
[  482.714299]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  482.719964]  ? selinux_file_ioctl+0x125/0x5e0
[  482.725020]  ? ioctl_preallocate+0x210/0x210
[  482.729749]  ? selinux_file_mprotect+0x620/0x620
[  482.734817]  ? iterate_fd+0x360/0x360
[  482.738817]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  482.744763]  ? security_file_ioctl+0x93/0xc0
[  482.749468]  ksys_ioctl+0xab/0xd0
[  482.753247]  __x64_sys_ioctl+0x73/0xb0
[  482.758663]  do_syscall_64+0x103/0x610
[  482.765739]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  482.772289] RIP: 0033:0x4471a9
[  482.775614] Code: e8 4c bb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  482.797293] RSP: 002b:00007fcfa1242db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  482.805729] RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 00000000004471a9
[  482.813582] RDX: 0000000020000100 RSI: 00000000c028aa03 RDI: 0000000000000004
[  482.821789] RBP: 00000000006dcc30 R08: 0000000000000000 R09: 0000000000000000
[  482.829691] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc3c
[  482.838464] R13: 00007ffd131302ff R14: 00007fcfa12439c0 R15: 0000000000000001
[  482.845926] 
[  482.847738] Allocated by task 7932:
[  482.851769]  save_stack+0x45/0xd0
[  482.855358]  kasan_kmalloc+0xce/0xf0
[  482.859611]  kasan_slab_alloc+0xf/0x20
[  482.863722]  kmem_cache_alloc_node+0x144/0x710
[  482.868548]  copy_process.part.0+0x1cd5/0x7970
[  482.874014]  _do_fork+0x257/0xfe0
[  482.877515]  __x64_sys_clone+0xbf/0x150
[  482.883646]  do_syscall_64+0x103/0x610
[  482.888534]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  482.894008] 
[  482.895745] Freed by task 7932:
[  482.899119]  save_stack+0x45/0xd0
[  482.902613]  __kasan_slab_free+0x102/0x150
[  482.907109]  kasan_slab_free+0xe/0x10
[  482.910938]  kmem_cache_free+0x86/0x260
[  482.914930]  free_task+0xdd/0x120
[  482.919024]  copy_process.part.0+0x1a07/0x7970
[  482.923883]  _do_fork+0x257/0xfe0
[  482.927418]  __x64_sys_clone+0xbf/0x150
[  482.931518]  do_syscall_64+0x103/0x610
[  482.935461]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  482.940916] 
[  482.942551] The buggy address belongs to the object at ffff888098c126c0
[  482.942551]  which belongs to the cache task_struct(17:syz0) of size 6080
[  482.956719] The buggy address is located 4296 bytes inside of
[  482.956719]  6080-byte region [ffff888098c126c0, ffff888098c13e80)
[  482.970111] The buggy address belongs to the page:
[  482.975145] page:ffffea0002630480 count:1 mapcount:0 mapping:ffff88809b659900 index:0x0 compound_mapcount: 0
[  482.985239] flags: 0x1fffc0000008100(slab|head)
[  482.990347] raw: 01fffc0000008100 ffffea0002630408 ffffea0002738c88 ffff88809b659900
[  482.998867] raw: 0000000000000000 ffff888098c126c0 0000000100000001 ffff88809639acc0
[  483.007363] page dumped because: kasan: bad access detected
[  483.014574] page->mem_cgroup:ffff88809639acc0
[  483.020005] 
[  483.021647] Memory state around the buggy address:
[  483.027326]  ffff888098c13680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  483.034789]  ffff888098c13700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  483.042465] >ffff888098c13780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  483.050514]                       ^
[  483.054335]  ffff888098c13800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  483.061894]  ffff888098c13880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  483.069867] ==================================================================
[  483.077762] Disabling lock debugging due to kernel taint
[  483.084448] Kernel panic - not syncing: panic_on_warn set ...
[  483.084448] 
[  483.092492] CPU: 0 PID: 7933 Comm: syz-executor671 Tainted: G    B             4.19.34 #2
[  483.102228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  483.112639] Call Trace:
[  483.115250]  dump_stack+0x172/0x1f0
[  483.118985]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[  483.124337]  panic+0x263/0x51d
[  483.127752]  ? __warn_printk+0xf3/0xf3
[  483.131884]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[  483.137561]  ? preempt_schedule+0x4b/0x60
[  483.141989]  ? ___preempt_schedule+0x16/0x18
[  483.146672]  ? trace_hardirqs_on+0x5e/0x230
[  483.151143]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[  483.156204]  kasan_end_report+0x47/0x4f
[  483.160209]  kasan_report.cold+0xa9/0x2ba
[  483.164549]  __asan_report_load8_noabort+0x14/0x20
[  483.169848]  get_mem_cgroup_from_mm+0x28f/0x2b0
[  483.174721]  mem_cgroup_try_charge+0x238/0x5e0
[  483.179336]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  483.184955]  mcopy_atomic+0x893/0x2600
[  483.189175]  ? find_held_lock+0x35/0x130
[  483.193548]  ? mm_alloc_pmd+0x300/0x300
[  483.197715]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  483.203412]  ? _copy_from_user+0xdd/0x150
[  483.207773]  userfaultfd_ioctl+0x4dd/0x39e0
[  483.212443]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[  483.217549]  ? userfaultfd_read+0x18c0/0x18c0
[  483.222347]  ? mark_held_locks+0x100/0x100
[  483.226762]  ? do_futex+0x178/0x1d50
[  483.230604]  ? file_has_perm+0x26d/0x390
[  483.238752]  ? find_held_lock+0x35/0x130
[  483.243677]  ? __fget+0x340/0x540
[  483.247249]  ? userfaultfd_read+0x18c0/0x18c0
[  483.251959]  do_vfs_ioctl+0xd6e/0x1390
[  483.255921]  ? userfaultfd_read+0x18c0/0x18c0
[  483.260516]  ? do_vfs_ioctl+0xd6e/0x1390
[  483.264696]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  483.270373]  ? selinux_file_ioctl+0x125/0x5e0
[  483.274889]  ? ioctl_preallocate+0x210/0x210
[  483.279316]  ? selinux_file_mprotect+0x620/0x620
[  483.284096]  ? iterate_fd+0x360/0x360
[  483.287915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  483.293466]  ? security_file_ioctl+0x93/0xc0
[  483.297891]  ksys_ioctl+0xab/0xd0
[  483.301452]  __x64_sys_ioctl+0x73/0xb0
[  483.305490]  do_syscall_64+0x103/0x610
[  483.309410]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  483.314619] RIP: 0033:0x4471a9
[  483.317822] Code: e8 4c bb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  483.336854] RSP: 002b:00007fcfa1242db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  483.344733] RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 00000000004471a9
[  483.352022] RDX: 0000000020000100 RSI: 00000000c028aa03 RDI: 0000000000000004
[  483.359583] RBP: 00000000006dcc30 R08: 0000000000000000 R09: 0000000000000000
[  483.367097] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc3c
[  483.374463] R13: 00007ffd131302ff R14: 00007fcfa12439c0 R15: 0000000000000001
[  483.382919] Kernel Offset: disabled
[  483.386587] Rebooting in 86400 seconds..