[ 61.197849][ T26] audit: type=1800 audit(1563681903.572:25): pid=8929 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 61.219927][ T26] audit: type=1800 audit(1563681903.572:26): pid=8929 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 61.266223][ T26] audit: type=1800 audit(1563681903.572:27): pid=8929 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 61.712578][ T8995] sshd (8995) used greatest stack depth: 23480 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 87.104490][ T9083] ================================================================== [ 87.112647][ T9083] BUG: KASAN: slab-out-of-bounds in do_jit.isra.0+0x4c35/0x5630 [ 87.120381][ T9083] Read of size 4 at addr ffff8880a7b6447c by task syz-executor431/9083 [ 87.128649][ T9083] [ 87.130976][ T9083] CPU: 0 PID: 9083 Comm: syz-executor431 Not tainted 5.2.0+ #67 [ 87.138586][ T9083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 87.148629][ T9083] Call Trace: [ 87.151946][ T9083] dump_stack+0x172/0x1f0 [ 87.156271][ T9083] ? do_jit.isra.0+0x4c35/0x5630 [ 87.161197][ T9083] print_address_description.cold+0xd4/0x306 [ 87.167164][ T9083] ? do_jit.isra.0+0x4c35/0x5630 [ 87.172090][ T9083] ? do_jit.isra.0+0x4c35/0x5630 [ 87.177017][ T9083] __kasan_report.cold+0x1b/0x36 [ 87.181949][ T9083] ? __do_sys_bpf+0x960/0x42f0 [ 87.186733][ T9083] ? do_jit.isra.0+0x4c35/0x5630 [ 87.191670][ T9083] kasan_report+0x12/0x17 [ 87.195988][ T9083] __asan_report_load4_noabort+0x14/0x20 [ 87.201606][ T9083] do_jit.isra.0+0x4c35/0x5630 [ 87.206394][ T9083] ? jit_fill_hole+0x30/0x30 [ 87.210981][ T9083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.217218][ T9083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.223595][ T9083] ? rcu_read_lock_sched_held+0x110/0x130 [ 87.229451][ T9083] ? __kmalloc+0x608/0x770 [ 87.233850][ T9083] ? kmem_cache_alloc_trace+0x397/0x790 [ 87.239386][ T9083] ? bpf_int_jit_compile+0x99c/0xda0 [ 87.244660][ T9083] bpf_int_jit_compile+0x374/0xda0 [ 87.249773][ T9083] ? do_jit.isra.0+0x5630/0x5630 [ 87.254701][ T9083] ? ktime_get_with_offset+0x13a/0x350 [ 87.260158][ T9083] ? lockdep_hardirqs_on+0x418/0x5d0 [ 87.265434][ T9083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.271669][ T9083] ? bpf_prog_alloc_jited_linfo+0xd3/0x1c0 [ 87.277468][ T9083] ? __bpf_prog_run64+0xe0/0xe0 [ 87.282310][ T9083] bpf_prog_select_runtime+0x4cd/0x7d0 [ 87.287776][ T9083] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 87.294051][ T9083] ? bpf_obj_name_cpy+0x13f/0x190 [ 87.299075][ T9083] bpf_prog_load+0xe9b/0x1670 [ 87.303759][ T9083] ? bpf_prog_new_fd+0x60/0x60 [ 87.308524][ T9083] ? lock_downgrade+0x920/0x920 [ 87.313385][ T9083] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 87.319967][ T9083] ? security_bpf+0x8b/0xc0 [ 87.324466][ T9083] __do_sys_bpf+0xa46/0x42f0 [ 87.329045][ T9083] ? bpf_prog_load+0x1670/0x1670 [ 87.334079][ T9083] ? lock_downgrade+0x920/0x920 [ 87.339152][ T9083] ? __kasan_check_write+0x14/0x20 [ 87.344253][ T9083] ? up_read+0x159/0x570 [ 87.348593][ T9083] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 87.354126][ T9083] ? do_syscall_64+0x26/0x6a0 [ 87.358791][ T9083] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.365001][ T9083] ? do_syscall_64+0x26/0x6a0 [ 87.369670][ T9083] __x64_sys_bpf+0x73/0xb0 [ 87.374102][ T9083] do_syscall_64+0xfd/0x6a0 [ 87.378685][ T9083] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.384565][ T9083] RIP: 0033:0x4402c9 [ 87.388509][ T9083] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 87.408117][ T9083] RSP: 002b:00007ffcc8eac508 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 87.416917][ T9083] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9 [ 87.424911][ T9083] RDX: 0000000000000046 RSI: 0000000020000180 RDI: 0000000000000005 [ 87.432880][ T9083] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 87.441206][ T9083] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000401b50 [ 87.449176][ T9083] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000 [ 87.457146][ T9083] [ 87.459464][ T9083] Allocated by task 8660: [ 87.463777][ T9083] save_stack+0x23/0x90 [ 87.468015][ T9083] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 87.473704][ T9083] kasan_kmalloc+0x9/0x10 [ 87.478020][ T9083] __kmalloc+0x163/0x770 [ 87.482302][ T9083] tomoyo_encode2.part.0+0xf5/0x400 [ 87.487531][ T9083] tomoyo_encode+0x2b/0x50 [ 87.491948][ T9083] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 87.497777][ T9083] tomoyo_path_perm+0x230/0x430 [ 87.502612][ T9083] tomoyo_inode_getattr+0x1d/0x30 [ 87.507847][ T9083] security_inode_getattr+0xf2/0x150 [ 87.513118][ T9083] vfs_getattr+0x25/0x70 [ 87.517406][ T9083] vfs_statx_fd+0x71/0xc0 [ 87.521798][ T9083] __do_sys_newfstat+0x9b/0x120 [ 87.526758][ T9083] __x64_sys_newfstat+0x54/0x80 [ 87.531595][ T9083] do_syscall_64+0xfd/0x6a0 [ 87.536082][ T9083] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.541952][ T9083] [ 87.544260][ T9083] Freed by task 8660: [ 87.548444][ T9083] save_stack+0x23/0x90 [ 87.552587][ T9083] __kasan_slab_free+0x102/0x150 [ 87.557508][ T9083] kasan_slab_free+0xe/0x10 [ 87.561992][ T9083] kfree+0x10a/0x2c0 [ 87.565868][ T9083] tomoyo_path_perm+0x24e/0x430 [ 87.570711][ T9083] tomoyo_inode_getattr+0x1d/0x30 [ 87.575724][ T9083] security_inode_getattr+0xf2/0x150 [ 87.580999][ T9083] vfs_getattr+0x25/0x70 [ 87.585271][ T9083] vfs_statx_fd+0x71/0xc0 [ 87.589594][ T9083] __do_sys_newfstat+0x9b/0x120 [ 87.594431][ T9083] __x64_sys_newfstat+0x54/0x80 [ 87.599353][ T9083] do_syscall_64+0xfd/0x6a0 [ 87.603845][ T9083] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.609714][ T9083] [ 87.612028][ T9083] The buggy address belongs to the object at ffff8880a7b64440 [ 87.612028][ T9083] which belongs to the cache kmalloc-32 of size 32 [ 87.625953][ T9083] The buggy address is located 28 bytes to the right of [ 87.625953][ T9083] 32-byte region [ffff8880a7b64440, ffff8880a7b64460) [ 87.639601][ T9083] The buggy address belongs to the page: [ 87.645227][ T9083] page:ffffea00029ed900 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a7b64fc1 [ 87.655619][ T9083] flags: 0x1fffc0000000200(slab) [ 87.660643][ T9083] raw: 01fffc0000000200 ffffea0002a06a48 ffffea0002a51608 ffff8880aa4001c0 [ 87.669268][ T9083] raw: ffff8880a7b64fc1 ffff8880a7b64000 000000010000002c 0000000000000000 [ 87.678034][ T9083] page dumped because: kasan: bad access detected [ 87.684473][ T9083] [ 87.686787][ T9083] Memory state around the buggy address: [ 87.692405][ T9083] ffff8880a7b64300: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 87.700450][ T9083] ffff8880a7b64380: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 87.708494][ T9083] >ffff8880a7b64400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 87.716542][ T9083] ^ [ 87.724503][ T9083] ffff8880a7b64480: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 87.732654][ T9083] ffff8880a7b64500: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 87.740698][ T9083] ================================================================== [ 87.748738][ T9083] Disabling lock debugging due to kernel taint [ 87.755868][ T9083] Kernel panic - not syncing: panic_on_warn set ... [ 87.762465][ T9083] CPU: 0 PID: 9083 Comm: syz-executor431 Tainted: G B 5.2.0+ #67 [ 87.771460][ T9083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 87.781559][ T9083] Call Trace: [ 87.784837][ T9083] dump_stack+0x172/0x1f0 [ 87.789152][ T9083] panic+0x2dc/0x755 [ 87.793034][ T9083] ? add_taint.cold+0x16/0x16 [ 87.797698][ T9083] ? do_jit.isra.0+0x4c35/0x5630 [ 87.802620][ T9083] ? preempt_schedule+0x4b/0x60 [ 87.807498][ T9083] ? ___preempt_schedule+0x16/0x18 [ 87.812600][ T9083] ? trace_hardirqs_on+0x5e/0x240 [ 87.817612][ T9083] ? do_jit.isra.0+0x4c35/0x5630 [ 87.822531][ T9083] end_report+0x47/0x4f [ 87.826671][ T9083] ? do_jit.isra.0+0x4c35/0x5630 [ 87.831607][ T9083] __kasan_report.cold+0xe/0x36 [ 87.836448][ T9083] ? __do_sys_bpf+0x960/0x42f0 [ 87.841227][ T9083] ? do_jit.isra.0+0x4c35/0x5630 [ 87.846158][ T9083] kasan_report+0x12/0x17 [ 87.850474][ T9083] __asan_report_load4_noabort+0x14/0x20 [ 87.856093][ T9083] do_jit.isra.0+0x4c35/0x5630 [ 87.860909][ T9083] ? jit_fill_hole+0x30/0x30 [ 87.865542][ T9083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.871775][ T9083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.878002][ T9083] ? rcu_read_lock_sched_held+0x110/0x130 [ 87.883704][ T9083] ? __kmalloc+0x608/0x770 [ 87.888134][ T9083] ? kmem_cache_alloc_trace+0x397/0x790 [ 87.893712][ T9083] ? bpf_int_jit_compile+0x99c/0xda0 [ 87.899000][ T9083] bpf_int_jit_compile+0x374/0xda0 [ 87.904098][ T9083] ? do_jit.isra.0+0x5630/0x5630 [ 87.909018][ T9083] ? ktime_get_with_offset+0x13a/0x350 [ 87.914589][ T9083] ? lockdep_hardirqs_on+0x418/0x5d0 [ 87.919902][ T9083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.926126][ T9083] ? bpf_prog_alloc_jited_linfo+0xd3/0x1c0 [ 87.931917][ T9083] ? __bpf_prog_run64+0xe0/0xe0 [ 87.936789][ T9083] bpf_prog_select_runtime+0x4cd/0x7d0 [ 87.942290][ T9083] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 87.948519][ T9083] ? bpf_obj_name_cpy+0x13f/0x190 [ 87.953525][ T9083] bpf_prog_load+0xe9b/0x1670 [ 87.958184][ T9083] ? bpf_prog_new_fd+0x60/0x60 [ 87.962934][ T9083] ? lock_downgrade+0x920/0x920 [ 87.967773][ T9083] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 87.974167][ T9083] ? security_bpf+0x8b/0xc0 [ 87.978737][ T9083] __do_sys_bpf+0xa46/0x42f0 [ 87.983322][ T9083] ? bpf_prog_load+0x1670/0x1670 [ 87.988246][ T9083] ? lock_downgrade+0x920/0x920 [ 87.993083][ T9083] ? __kasan_check_write+0x14/0x20 [ 87.998220][ T9083] ? up_read+0x159/0x570 [ 88.002454][ T9083] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 88.007935][ T9083] ? do_syscall_64+0x26/0x6a0 [ 88.012604][ T9083] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 88.018655][ T9083] ? do_syscall_64+0x26/0x6a0 [ 88.023360][ T9083] __x64_sys_bpf+0x73/0xb0 [ 88.027795][ T9083] do_syscall_64+0xfd/0x6a0 [ 88.032284][ T9083] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 88.038269][ T9083] RIP: 0033:0x4402c9 [ 88.042150][ T9083] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 88.061846][ T9083] RSP: 002b:00007ffcc8eac508 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 88.070345][ T9083] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9 [ 88.078334][ T9083] RDX: 0000000000000046 RSI: 0000000020000180 RDI: 0000000000000005 [ 88.086296][ T9083] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 88.094368][ T9083] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000401b50 [ 88.102321][ T9083] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000 [ 88.111297][ T9083] Kernel Offset: disabled [ 88.115710][ T9083] Rebooting in 86400 seconds..