Warning: Permanently added '10.128.0.224' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.414281] audit: type=1400 audit(1600643209.905:8): avc: denied { execmem } for pid=6392 comm="syz-executor134" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 32.419853] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing
[ 32.446682] ==================================================================
[ 32.454140] BUG: KASAN: slab-out-of-bounds in find_first_zero_bit+0x84/0x90
[ 32.461235] Read of size 8 at addr ffff88809f39a740 by task syz-executor134/6392
[ 32.468757]
[ 32.470373] CPU: 1 PID: 6392 Comm: syz-executor134 Not tainted 4.14.198-syzkaller #0
[ 32.478283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.487612] Call Trace:
[ 32.490175]  dump_stack+0x1b2/0x283
[ 32.493778]  print_address_description.cold+0x54/0x1d3
[ 32.499029]  kasan_report_error.cold+0x8a/0x194
[ 32.503670]  ? find_first_zero_bit+0x84/0x90
[ 32.508051]  __asan_report_load8_noabort+0x68/0x70
[ 32.512953]  ? do_raw_spin_unlock+0x160/0x220
[ 32.517456]  ? find_first_zero_bit+0x84/0x90
[ 32.521946]  find_first_zero_bit+0x84/0x90
[ 32.526154]  bfs_create+0xfb/0x620
[ 32.529666]  ? bfs_find_entry.part.0.constprop.0+0x370/0x370
[ 32.535443]  ? bfs_link+0x220/0x220
[ 32.539044]  lookup_open+0x77a/0x1750
[ 32.542835]  ? vfs_mkdir+0x6e0/0x6e0
[ 32.546527]  path_openat+0xe08/0x2970
[ 32.550315]  ? path_lookupat+0x780/0x780
[ 32.554346]  ? trace_hardirqs_on+0x10/0x10
[ 32.558557]  do_filp_open+0x179/0x3c0
[ 32.562330]  ? may_open_dev+0xe0/0xe0
[ 32.566126]  ? lock_downgrade+0x740/0x740
[ 32.570264]  ? do_raw_spin_unlock+0x164/0x220
[ 32.574744]  ? _raw_spin_unlock+0x29/0x40
[ 32.578878]  ? __alloc_fd+0x1be/0x490
[ 32.582663]  do_sys_open+0x296/0x410
[ 32.586349]  ? filp_open+0x60/0x60
[ 32.589876]  ? __close_fd+0x159/0x230
[ 32.593649]  ? do_syscall_64+0x4c/0x640
[ 32.597593]  ? SyS_open+0x30/0x30
[ 32.601039]  do_syscall_64+0x1d5/0x640
[ 32.604900]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.610061] RIP: 0033:0x444449
[ 32.613224] RSP: 002b:00007fffa3839f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 32.620902] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444449
[ 32.628157] RDX: 00000000001015c2 RSI: 0000000020000440 RDI: ffffffffffffff9c
[ 32.635401] RBP: 00000000006cf018 R08: 00007fff00000015 R09: 0000000000000000
[ 32.642655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402030
[ 32.649898] R13: 00000000004020c0 R14: 0000000000000000 R15: 0000000000000000
[ 32.657154]
[ 32.658761] Allocated by task 6392:
[ 32.662423]  kasan_kmalloc+0xeb/0x160
[ 32.666197]  __kmalloc+0x15a/0x400
[ 32.669731]  bfs_fill_super+0x3d5/0xd80
[ 32.673682]  mount_bdev+0x2b3/0x360
[ 32.677283]  mount_fs+0x92/0x2a0
[ 32.680630]  vfs_kern_mount.part.0+0x5b/0x470
[ 32.685099]  do_mount+0xe53/0x2a00
[ 32.688613]  SyS_mount+0xa8/0x120
[ 32.692053]  do_syscall_64+0x1d5/0x640
[ 32.695929]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.701087]
[ 32.702686] Freed by task 4534:
[ 32.705938]  kasan_slab_free+0xc3/0x1a0
[ 32.709915]  kfree+0xc9/0x250
[ 32.712992]  proc_pid_attr_write+0x1fe/0x280
[ 32.717369]  __vfs_write+0xe4/0x630
[ 32.720965]  vfs_write+0x17f/0x4d0
[ 32.724486]  SyS_write+0xf2/0x210
[ 32.727911]  do_syscall_64+0x1d5/0x640
[ 32.731768]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.736926]
[ 32.738527] The buggy address belongs to the object at ffff88809f39a740
[ 32.738527]  which belongs to the cache kmalloc-32 of size 32
[ 32.750978] The buggy address is located 0 bytes inside of
[ 32.750978]  32-byte region [ffff88809f39a740, ffff88809f39a760)
[ 32.762590] The buggy address belongs to the page:
[ 32.767489] page:ffffea00027ce680 count:1 mapcount:0 mapping:ffff88809f39a000 index:0xffff88809f39afc1
[ 32.776903] flags: 0xfffe0000000100(slab)
[ 32.781026] raw: 00fffe0000000100 ffff88809f39a000 ffff88809f39afc1 000000010000001d
[ 32.788881] raw: ffffea0002640960 ffffea00023d3fe0 ffff88812fe501c0 0000000000000000
[ 32.796732] page dumped because: kasan: bad access detected
[ 32.802410]
[ 32.804006] Memory state around the buggy address:
[ 32.808916]  ffff88809f39a600: 00 00 01 fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 32.816247]  ffff88809f39a680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 32.823589] >ffff88809f39a700: fb fb fb fb fc fc fc fc 07 fc fc fc fc fc fc fc
[ 32.830926]                                            ^
[ 32.836346]  ffff88809f39a780: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[ 32.843675]  ffff88809f39a800: 00 00 01 fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 32.851003] ==================================================================
[ 32.858332] Disabling lock debugging due to kernel taint
[ 32.864092] Kernel panic - not syncing: panic_on_warn set ...
[ 32.864092]
[ 32.871446] CPU: 1 PID: 6392 Comm: syz-executor134 Tainted: G    B   4.14.198-syzkaller #0
[ 32.880529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.889888] Call Trace:
[ 32.892449]  dump_stack+0x1b2/0x283
[ 32.896049]  panic+0x1f9/0x42d
[ 32.899221]  ? add_taint.cold+0x16/0x16
[ 32.903167]  ? ___preempt_schedule+0x16/0x18
[ 32.907568]  kasan_end_report+0x43/0x49
[ 32.911512]  kasan_report_error.cold+0xa7/0x194
[ 32.916151]  ? find_first_zero_bit+0x84/0x90
[ 32.920530]  __asan_report_load8_noabort+0x68/0x70
[ 32.925430]  ? do_raw_spin_unlock+0x160/0x220
[ 32.929904]  ? find_first_zero_bit+0x84/0x90
[ 32.934280]  find_first_zero_bit+0x84/0x90
[ 32.938485]  bfs_create+0xfb/0x620
[ 32.941996]  ? bfs_find_entry.part.0.constprop.0+0x370/0x370
[ 32.947765]  ? bfs_link+0x220/0x220
[ 32.951362]  lookup_open+0x77a/0x1750
[ 32.955137]  ? vfs_mkdir+0x6e0/0x6e0
[ 32.958824]  path_openat+0xe08/0x2970
[ 32.962596]  ? path_lookupat+0x780/0x780
[ 32.966628]  ? trace_hardirqs_on+0x10/0x10
[ 32.970834]  do_filp_open+0x179/0x3c0
[ 32.974603]  ? may_open_dev+0xe0/0xe0
[ 32.978375]  ? lock_downgrade+0x740/0x740
[ 32.982493]  ? do_raw_spin_unlock+0x164/0x220
[ 32.986959]  ? _raw_spin_unlock+0x29/0x40
[ 32.991086]  ? __alloc_fd+0x1be/0x490
[ 32.994876]  do_sys_open+0x296/0x410
[ 32.998561]  ? filp_open+0x60/0x60
[ 33.002069]  ? __close_fd+0x159/0x230
[ 33.005853]  ? do_syscall_64+0x4c/0x640
[ 33.009795]  ? SyS_open+0x30/0x30
[ 33.013216]  do_syscall_64+0x1d5/0x640
[ 33.017076]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.022245] RIP: 0033:0x444449
[ 33.025406] RSP: 002b:00007fffa3839f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 33.033082] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444449
[ 33.040323] RDX: 00000000001015c2 RSI: 0000000020000440 RDI: ffffffffffffff9c
[ 33.047737] RBP: 00000000006cf018 R08: 00007fff00000015 R09: 0000000000000000
[ 33.054977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402030
[ 33.062226] R13: 00000000004020c0 R14: 0000000000000000 R15: 0000000000000000
[ 33.070791] Kernel Offset: disabled
[ 33.074399] Rebooting in 86400 seconds..