==================================================================
BUG: KASAN: stack-out-of-bounds in deref_stack_reg+0x1b8/0x1d0
Read of size 8 at addr ffff8801a3b47400 by task syz-executor5/3238

9pnet_virtio: no channels available for device 
9pnet_virtio: no channels available for device 
CPU: 0 PID: 3238 Comm: syz-executor5 Not tainted 4.14.0-rc5-mm1+ #17
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 dump_stack+0x173/0x237
 print_address_description+0x6e/0x250
 kasan_report+0x251/0x340
 deref_stack_reg+0x1b8/0x1d0
 unwind_next_frame+0xebc/0x1df0
 __save_stack_trace+0x6e/0xd0
 save_stack+0x32/0xb0
 kasan_slab_free+0x71/0xc0
 kfree+0xc8/0x250
 security_cred_free+0x42/0x80
 put_cred_rcu+0xee/0x3c0
 rcu_process_callbacks+0xcd4/0x1600
 __do_softirq+0x2ba/0xafb
 irq_exit+0x1c7/0x200
 smp_apic_timer_interrupt+0x154/0x6b0
 apic_timer_interrupt+0x96/0xa0
 </IRQ>
RIP: 0010:lock_is_held_type+0x84/0x200
RSP: 0018:ffff8801a3b47178 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff11
RAX: dffffc0000000000 RBX: ffff8801c9dfc300 RCX: 0000000000000000
RDX: 1ffffffff0ad8f48 RSI: 00000000ffffffff RDI: ffffffff856c7a40
RBP: 00000000000000c8 R08: 0000000000000002 R09: 000000009b169956
R10: 00000000446570ab R11: 0000000000000000 R12: ffffffff85737ce0
R13: 0000000000000108 R14: 00000000014000c0 R15: ffff8801c27a1528
 copy_mm+0x824/0x11f2
 copy_process.part.39+0x2091/0x4b20

The buggy address belongs to the page:
page:ffffea00068ed1c0 count:0 mapcount:0 mapping:          (null) index:0x0
flags: 0x200000000000000()
raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
raw: ffffea00068ed1e0 ffffea00068ed1e0 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801a3b47300: f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2
 ffff8801a3b47380: f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2
>ffff8801a3b47400: f2 f2 f2 f2 f2 00 00 f2 f2 f3 f3 f3 f3 00 00 00
                   ^
 ffff8801a3b47480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801a3b47500: 00 00 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2
==================================================================