[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 60.374340][ T26] audit: type=1800 audit(1563679241.748:25): pid=8943 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 60.416897][ T26] audit: type=1800 audit(1563679241.748:26): pid=8943 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 60.474512][ T26] audit: type=1800 audit(1563679241.748:27): pid=8943 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 68.266360][ T9094] ================================================================== [ 68.274697][ T9094] BUG: KASAN: slab-out-of-bounds in do_jit.isra.0+0x4c35/0x5630 [ 68.282376][ T9094] Read of size 4 at addr ffff88809fb2ecbc by task syz-executor695/9094 [ 68.290601][ T9094] [ 68.292916][ T9094] CPU: 1 PID: 9094 Comm: syz-executor695 Not tainted 5.2.0+ #41 [ 68.300521][ T9094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.310555][ T9094] Call Trace: [ 68.314213][ T9094] dump_stack+0x172/0x1f0 [ 68.318538][ T9094] ? do_jit.isra.0+0x4c35/0x5630 [ 68.323571][ T9094] print_address_description.cold+0xd4/0x306 [ 68.329557][ T9094] ? do_jit.isra.0+0x4c35/0x5630 [ 68.334487][ T9094] ? do_jit.isra.0+0x4c35/0x5630 [ 68.339418][ T9094] __kasan_report.cold+0x1b/0x36 [ 68.344346][ T9094] ? __do_sys_bpf+0x970/0x42f0 [ 68.349095][ T9094] ? do_jit.isra.0+0x4c35/0x5630 [ 68.354018][ T9094] kasan_report+0x12/0x20 [ 68.358335][ T9094] __asan_report_load4_noabort+0x14/0x20 [ 68.363956][ T9094] do_jit.isra.0+0x4c35/0x5630 [ 68.368712][ T9094] ? jit_fill_hole+0x30/0x30 [ 68.373288][ T9094] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 68.379524][ T9094] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 68.385773][ T9094] ? rcu_read_lock_sched_held+0x110/0x130 [ 68.391481][ T9094] ? __kmalloc+0x60a/0x780 [ 68.395882][ T9094] ? kmem_cache_alloc_trace+0x397/0x790 [ 68.401417][ T9094] ? bpf_int_jit_compile+0x99c/0xda0 [ 68.406756][ T9094] bpf_int_jit_compile+0x374/0xda0 [ 68.411878][ T9094] ? do_jit.isra.0+0x5630/0x5630 [ 68.416815][ T9094] ? ktime_get_with_offset+0x13a/0x360 [ 68.422276][ T9094] ? lockdep_hardirqs_on+0x418/0x5d0 [ 68.428191][ T9094] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 68.434420][ T9094] ? bpf_prog_alloc_jited_linfo+0xd3/0x1c0 [ 68.440216][ T9094] ? __bpf_prog_run64+0xe0/0xe0 [ 68.445055][ T9094] bpf_prog_select_runtime+0x4cd/0x7d0 [ 68.450506][ T9094] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 68.456757][ T9094] ? bpf_obj_name_cpy+0x13f/0x190 [ 68.461796][ T9094] bpf_prog_load+0xe9b/0x1670 [ 68.466481][ T9094] ? bpf_prog_new_fd+0x60/0x60 [ 68.471235][ T9094] ? lock_downgrade+0x920/0x920 [ 68.476079][ T9094] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 68.482306][ T9094] ? security_bpf+0x8b/0xc0 [ 68.486811][ T9094] __do_sys_bpf+0xa46/0x42f0 [ 68.491506][ T9094] ? bpf_prog_load+0x1670/0x1670 [ 68.496427][ T9094] ? lock_downgrade+0x920/0x920 [ 68.501276][ T9094] ? __kasan_check_write+0x14/0x20 [ 68.506391][ T9094] ? up_read+0x159/0x570 [ 68.510650][ T9094] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 68.516099][ T9094] ? do_syscall_64+0x26/0x6a0 [ 68.520765][ T9094] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 68.526825][ T9094] ? do_syscall_64+0x26/0x6a0 [ 68.531520][ T9094] __x64_sys_bpf+0x73/0xb0 [ 68.535923][ T9094] do_syscall_64+0xfd/0x6a0 [ 68.540413][ T9094] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 68.546282][ T9094] RIP: 0033:0x4402c9 [ 68.550162][ T9094] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 68.569767][ T9094] RSP: 002b:00007ffe175c59d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 68.578163][ T9094] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9 [ 68.586138][ T9094] RDX: 0000000000000046 RSI: 0000000020000180 RDI: 0000000000000005 [ 68.594114][ T9094] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 68.602072][ T9094] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000401b50 [ 68.610026][ T9094] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000 [ 68.618010][ T9094] [ 68.620322][ T9094] Allocated by task 9070: [ 68.624628][ T9094] save_stack+0x23/0x90 [ 68.628765][ T9094] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 68.634467][ T9094] kasan_kmalloc+0x9/0x10 [ 68.638879][ T9094] __kmalloc+0x163/0x780 [ 68.643103][ T9094] tomoyo_supervisor+0xb6d/0xef0 [ 68.648024][ T9094] tomoyo_env_perm+0x18e/0x210 [ 68.652784][ T9094] tomoyo_find_next_domain+0x1354/0x1f6c [ 68.658400][ T9094] tomoyo_bprm_check_security+0x124/0x1b0 [ 68.664104][ T9094] security_bprm_check+0x63/0xb0 [ 68.669031][ T9094] search_binary_handler+0x71/0x570 [ 68.674231][ T9094] __do_execve_file.isra.0+0x1333/0x2340 [ 68.679856][ T9094] __x64_sys_execve+0x8f/0xc0 [ 68.684533][ T9094] do_syscall_64+0xfd/0x6a0 [ 68.689023][ T9094] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 68.694889][ T9094] [ 68.697198][ T9094] Freed by task 9070: [ 68.701160][ T9094] save_stack+0x23/0x90 [ 68.705306][ T9094] __kasan_slab_free+0x102/0x150 [ 68.710223][ T9094] kasan_slab_free+0xe/0x10 [ 68.714707][ T9094] kfree+0x10a/0x2c0 [ 68.718581][ T9094] tomoyo_supervisor+0xc2e/0xef0 [ 68.723496][ T9094] tomoyo_env_perm+0x18e/0x210 [ 68.728238][ T9094] tomoyo_find_next_domain+0x1354/0x1f6c [ 68.733850][ T9094] tomoyo_bprm_check_security+0x124/0x1b0 [ 68.739549][ T9094] security_bprm_check+0x63/0xb0 [ 68.744469][ T9094] search_binary_handler+0x71/0x570 [ 68.749646][ T9094] __do_execve_file.isra.0+0x1333/0x2340 [ 68.755341][ T9094] __x64_sys_execve+0x8f/0xc0 [ 68.759997][ T9094] do_syscall_64+0xfd/0x6a0 [ 68.764495][ T9094] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 68.770362][ T9094] [ 68.772706][ T9094] The buggy address belongs to the object at ffff88809fb2ec80 [ 68.772706][ T9094] which belongs to the cache kmalloc-32 of size 32 [ 68.786565][ T9094] The buggy address is located 28 bytes to the right of [ 68.786565][ T9094] 32-byte region [ffff88809fb2ec80, ffff88809fb2eca0) [ 68.800333][ T9094] The buggy address belongs to the page: [ 68.805948][ T9094] page:ffffea00027ecb80 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809fb2efc1 [ 68.816348][ T9094] flags: 0x1fffc0000000200(slab) [ 68.821287][ T9094] raw: 01fffc0000000200 ffffea00029ee808 ffffea0002625188 ffff8880aa4001c0 [ 68.829858][ T9094] raw: ffff88809fb2efc1 ffff88809fb2e000 000000010000003f 0000000000000000 [ 68.838419][ T9094] page dumped because: kasan: bad access detected [ 68.844804][ T9094] [ 68.847111][ T9094] Memory state around the buggy address: [ 68.852723][ T9094] ffff88809fb2eb80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 68.860763][ T9094] ffff88809fb2ec00: 06 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 68.868801][ T9094] >ffff88809fb2ec80: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc [ 68.876842][ T9094] ^ [ 68.882742][ T9094] ffff88809fb2ed00: 00 01 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 68.890786][ T9094] ffff88809fb2ed80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 68.898840][ T9094] ================================================================== [ 68.906894][ T9094] Disabling lock debugging due to kernel taint [ 68.913843][ T9094] Kernel panic - not syncing: panic_on_warn set ... [ 68.920450][ T9094] CPU: 1 PID: 9094 Comm: syz-executor695 Tainted: G B 5.2.0+ #41 [ 68.929444][ T9094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.939612][ T9094] Call Trace: [ 68.942887][ T9094] dump_stack+0x172/0x1f0 [ 68.947198][ T9094] panic+0x2dc/0x755 [ 68.951070][ T9094] ? add_taint.cold+0x16/0x16 [ 68.955723][ T9094] ? do_jit.isra.0+0x4c35/0x5630 [ 68.960653][ T9094] ? preempt_schedule+0x4b/0x60 [ 68.965483][ T9094] ? ___preempt_schedule+0x16/0x18 [ 68.970573][ T9094] ? trace_hardirqs_on+0x5e/0x240 [ 68.975575][ T9094] ? do_jit.isra.0+0x4c35/0x5630 [ 68.980492][ T9094] end_report+0x47/0x4f [ 68.984625][ T9094] ? do_jit.isra.0+0x4c35/0x5630 [ 68.989571][ T9094] __kasan_report.cold+0xe/0x36 [ 68.994420][ T9094] ? __do_sys_bpf+0x970/0x42f0 [ 68.999168][ T9094] ? do_jit.isra.0+0x4c35/0x5630 [ 69.004083][ T9094] kasan_report+0x12/0x20 [ 69.008392][ T9094] __asan_report_load4_noabort+0x14/0x20 [ 69.014000][ T9094] do_jit.isra.0+0x4c35/0x5630 [ 69.018748][ T9094] ? jit_fill_hole+0x30/0x30 [ 69.023321][ T9094] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 69.029543][ T9094] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 69.035764][ T9094] ? rcu_read_lock_sched_held+0x110/0x130 [ 69.041474][ T9094] ? __kmalloc+0x60a/0x780 [ 69.045869][ T9094] ? kmem_cache_alloc_trace+0x397/0x790 [ 69.051483][ T9094] ? bpf_int_jit_compile+0x99c/0xda0 [ 69.056754][ T9094] bpf_int_jit_compile+0x374/0xda0 [ 69.061861][ T9094] ? do_jit.isra.0+0x5630/0x5630 [ 69.066783][ T9094] ? ktime_get_with_offset+0x13a/0x360 [ 69.072236][ T9094] ? lockdep_hardirqs_on+0x418/0x5d0 [ 69.077498][ T9094] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 69.083717][ T9094] ? bpf_prog_alloc_jited_linfo+0xd3/0x1c0 [ 69.089508][ T9094] ? __bpf_prog_run64+0xe0/0xe0 [ 69.094339][ T9094] bpf_prog_select_runtime+0x4cd/0x7d0 [ 69.099782][ T9094] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 69.106012][ T9094] ? bpf_obj_name_cpy+0x13f/0x190 [ 69.111038][ T9094] bpf_prog_load+0xe9b/0x1670 [ 69.115697][ T9094] ? bpf_prog_new_fd+0x60/0x60 [ 69.120446][ T9094] ? lock_downgrade+0x920/0x920 [ 69.125304][ T9094] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 69.131526][ T9094] ? security_bpf+0x8b/0xc0 [ 69.136021][ T9094] __do_sys_bpf+0xa46/0x42f0 [ 69.140594][ T9094] ? bpf_prog_load+0x1670/0x1670 [ 69.145506][ T9094] ? lock_downgrade+0x920/0x920 [ 69.150336][ T9094] ? __kasan_check_write+0x14/0x20 [ 69.155429][ T9094] ? up_read+0x159/0x570 [ 69.159656][ T9094] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 69.165090][ T9094] ? do_syscall_64+0x26/0x6a0 [ 69.169768][ T9094] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 69.175813][ T9094] ? do_syscall_64+0x26/0x6a0 [ 69.180473][ T9094] __x64_sys_bpf+0x73/0xb0 [ 69.184868][ T9094] do_syscall_64+0xfd/0x6a0 [ 69.189351][ T9094] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 69.195215][ T9094] RIP: 0033:0x4402c9 [ 69.199086][ T9094] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 69.218669][ T9094] RSP: 002b:00007ffe175c59d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 69.227077][ T9094] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9 [ 69.235030][ T9094] RDX: 0000000000000046 RSI: 0000000020000180 RDI: 0000000000000005 [ 69.242999][ T9094] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 69.250967][ T9094] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000401b50 [ 69.259011][ T9094] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000 [ 69.268707][ T9094] Kernel Offset: disabled [ 69.273027][ T9094] Rebooting in 86400 seconds..