[ ok ] Starting enhanced syslogd: rsyslogd.
[ 71.810406][ T27] audit: type=1800 audit(1578729821.848:25): pid=9438 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 71.830110][ T27] audit: type=1800 audit(1578729821.848:26): pid=9438 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 71.851934][ T27] audit: type=1800 audit(1578729821.848:27): pid=9438 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 79.895678][ T9591] ==================================================================
[ 79.903906][ T9591] BUG: KASAN: slab-out-of-bounds in mpol_parse_str+0x87b/0xa50
[ 79.911454][ T9591] Write of size 1 at addr ffff8880a4513abf by task syz-executor950/9591
[ 79.919773][ T9591]
[ 79.922110][ T9591] CPU: 0 PID: 9591 Comm: syz-executor950 Not tainted 5.5.0-rc5-syzkaller #0
[ 79.930772][ T9591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.940808][ T9591] Call Trace:
[ 79.944080][ T9591] dump_stack+0x197/0x210
[ 79.948433][ T9591] ? mpol_parse_str+0x87b/0xa50
[ 79.953264][ T9591] print_address_description.constprop.0.cold+0xd4/0x30b
[ 79.960263][ T9591] ? mpol_parse_str+0x87b/0xa50
[ 79.965089][ T9591] ? mpol_parse_str+0x87b/0xa50
[ 79.969919][ T9591] __kasan_report.cold+0x1b/0x41
[ 79.974834][ T9591] ? mpol_parse_str+0x87b/0xa50
[ 79.979675][ T9591] kasan_report+0x12/0x20
[ 79.983984][ T9591] __asan_report_store1_noabort+0x17/0x20
[ 79.989679][ T9591] mpol_parse_str+0x87b/0xa50
[ 79.994333][ T9591] ? numa_default_policy+0x20/0x20
[ 79.999426][ T9591] shmem_parse_one+0x71e/0xa40
[ 80.004163][ T9591] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 80.009947][ T9591] ? shmem_parse_options+0x250/0x250
[ 80.015212][ T9591] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 80.020911][ T9591] ? __lookup_constant+0xd6/0x100
[ 80.025910][ T9591] ? shmem_parse_options+0x250/0x250
[ 80.031304][ T9591] vfs_parse_fs_param+0x2ca/0x540
[ 80.036344][ T9591] vfs_parse_fs_string+0x105/0x170
[ 80.041452][ T9591] ? vfs_parse_fs_param+0x540/0x540
[ 80.046628][ T9591] ? kfree+0x28b/0x2c0
[ 80.050686][ T9591] ? vfs_parse_fs_string+0x116/0x170
[ 80.055946][ T9591] ? vfs_parse_fs_param+0x540/0x540
[ 80.061124][ T9591] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 80.066741][ T9591] shmem_parse_options+0x168/0x250
[ 80.071844][ T9591] ? shmem_put_super+0xe0/0xe0
[ 80.076588][ T9591] parse_monolithic_mount_data+0x69/0x90
[ 80.082198][ T9591] do_mount+0x1310/0x1b50
[ 80.086508][ T9591] ? copy_mount_string+0x40/0x40
[ 80.091423][ T9591] ? copy_mount_options+0x241/0x3f0
[ 80.096600][ T9591] ? copy_mount_options+0x260/0x3f0
[ 80.101786][ T9591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 80.108017][ T9591] ? copy_mount_options+0x2e8/0x3f0
[ 80.113206][ T9591] __x64_sys_mount+0x192/0x230
[ 80.117972][ T9591] do_syscall_64+0xfa/0x790
[ 80.122452][ T9591] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 80.128320][ T9591] RIP: 0033:0x446a9a
[ 80.132206][ T9591] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d ae fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a ae fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 80.151975][ T9591] RSP: 002b:00007fffb59b03c8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 80.160367][ T9591] RAX: ffffffffffffffda RBX: 00007fffb59b03d0 RCX: 0000000000446a9a
[ 80.168369][ T9591] RDX: 00007fffb59b03d0 RSI: 00000000200000c0 RDI: 00007fffb59b03f0
[ 80.176323][ T9591] RBP: 0000000000000003 R08: 00007fffb59b0430 R09: 000000000000000a
[ 80.184271][ T9591] R10: 0000000000000000 R11: 0000000000000297 R12: 00007fffb59b0430
[ 80.192229][ T9591] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
[ 80.200186][ T9591]
[ 80.202490][ T9591] Allocated by task 9564:
[ 80.206892][ T9591] save_stack+0x23/0x90
[ 80.211034][ T9591] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 80.216643][ T9591] kasan_kmalloc+0x9/0x10
[ 80.220966][ T9591] __kmalloc+0x163/0x770
[ 80.225203][ T9591] tomoyo_supervisor+0xd3e/0xef0
[ 80.230126][ T9591] tomoyo_path_permission+0x263/0x360
[ 80.235484][ T9591] tomoyo_path_perm+0x318/0x430
[ 80.240355][ T9591] tomoyo_inode_getattr+0x1d/0x30
[ 80.245354][ T9591] security_inode_getattr+0xf2/0x150
[ 80.250655][ T9591] vfs_getattr+0x25/0x70
[ 80.254873][ T9591] vfs_statx_fd+0x71/0xc0
[ 80.259178][ T9591] __do_sys_newfstat+0x9b/0x120
[ 80.264006][ T9591] __x64_sys_newfstat+0x54/0x80
[ 80.268835][ T9591] do_syscall_64+0xfa/0x790
[ 80.273318][ T9591] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 80.279180][ T9591]
[ 80.281484][ T9591] Freed by task 9564:
[ 80.285442][ T9591] save_stack+0x23/0x90
[ 80.289610][ T9591] __kasan_slab_free+0x102/0x150
[ 80.294523][ T9591] kasan_slab_free+0xe/0x10
[ 80.299001][ T9591] kfree+0x10a/0x2c0
[ 80.302872][ T9591] tomoyo_supervisor+0xc2c/0xef0
[ 80.307784][ T9591] tomoyo_path_permission+0x263/0x360
[ 80.313132][ T9591] tomoyo_path_perm+0x318/0x430
[ 80.317984][ T9591] tomoyo_inode_getattr+0x1d/0x30
[ 80.322983][ T9591] security_inode_getattr+0xf2/0x150
[ 80.328242][ T9591] vfs_getattr+0x25/0x70
[ 80.332460][ T9591] vfs_statx_fd+0x71/0xc0
[ 80.336797][ T9591] __do_sys_newfstat+0x9b/0x120
[ 80.341633][ T9591] __x64_sys_newfstat+0x54/0x80
[ 80.346470][ T9591] do_syscall_64+0xfa/0x790
[ 80.350950][ T9591] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 80.356915][ T9591]
[ 80.359234][ T9591] The buggy address belongs to the object at ffff8880a4513a80
[ 80.359234][ T9591]  which belongs to the cache kmalloc-32 of size 32
[ 80.373087][ T9591] The buggy address is located 31 bytes to the right of
[ 80.373087][ T9591]  32-byte region [ffff8880a4513a80, ffff8880a4513aa0)
[ 80.386675][ T9591] The buggy address belongs to the page:
[ 80.392282][ T9591] page:ffffea00029144c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a4513fc1
[ 80.402669][ T9591] raw: 00fffe0000000200 ffffea0002a2e388 ffffea0002581cc8 ffff8880aa4001c0
[ 80.411231][ T9591] raw: ffff8880a4513fc1 ffff8880a4513000 0000000100000028 0000000000000000
[ 80.419959][ T9591] page dumped because: kasan: bad access detected
[ 80.426343][ T9591]
[ 80.428660][ T9591] Memory state around the buggy address:
[ 80.434266][ T9591] ffff8880a4513980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 80.442301][ T9591] ffff8880a4513a00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 80.450346][ T9591] >ffff8880a4513a80: fb fb fb fb fc fc fc fc 00 05 fc fc fc fc fc fc
[ 80.458390][ T9591]                                         ^
[ 80.464256][ T9591] ffff8880a4513b00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 80.472292][ T9591] ffff8880a4513b80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 80.480347][ T9591] ==================================================================
[ 80.488380][ T9591] Disabling lock debugging due to kernel taint
[ 80.495197][ T9591] Kernel panic - not syncing: panic_on_warn set ...
[ 80.501779][ T9591] CPU: 0 PID: 9591 Comm: syz-executor950 Tainted: G B 5.5.0-rc5-syzkaller #0
[ 80.511818][ T9591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.521852][ T9591] Call Trace:
[ 80.525123][ T9591] dump_stack+0x197/0x210
[ 80.529430][ T9591] panic+0x2e3/0x75c
[ 80.533302][ T9591] ? add_taint.cold+0x16/0x16
[ 80.537967][ T9591] ? mpol_parse_str+0x87b/0xa50
[ 80.542791][ T9591] ? preempt_schedule+0x4b/0x60
[ 80.547618][ T9591] ? ___preempt_schedule+0x16/0x18
[ 80.552705][ T9591] ? trace_hardirqs_on+0x5e/0x240
[ 80.557717][ T9591] ? mpol_parse_str+0x87b/0xa50
[ 80.562546][ T9591] end_report+0x47/0x4f
[ 80.566686][ T9591] ? mpol_parse_str+0x87b/0xa50
[ 80.571526][ T9591] __kasan_report.cold+0xe/0x41
[ 80.576361][ T9591] ? mpol_parse_str+0x87b/0xa50
[ 80.581188][ T9591] kasan_report+0x12/0x20
[ 80.585497][ T9591] __asan_report_store1_noabort+0x17/0x20
[ 80.591198][ T9591] mpol_parse_str+0x87b/0xa50
[ 80.595855][ T9591] ? numa_default_policy+0x20/0x20
[ 80.600984][ T9591] shmem_parse_one+0x71e/0xa40
[ 80.605725][ T9591] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 80.611506][ T9591] ? shmem_parse_options+0x250/0x250
[ 80.616798][ T9591] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 80.622521][ T9591] ? __lookup_constant+0xd6/0x100
[ 80.627519][ T9591] ? shmem_parse_options+0x250/0x250
[ 80.632791][ T9591] vfs_parse_fs_param+0x2ca/0x540
[ 80.637800][ T9591] vfs_parse_fs_string+0x105/0x170
[ 80.642889][ T9591] ? vfs_parse_fs_param+0x540/0x540
[ 80.648070][ T9591] ? kfree+0x28b/0x2c0
[ 80.652119][ T9591] ? vfs_parse_fs_string+0x116/0x170
[ 80.657431][ T9591] ? vfs_parse_fs_param+0x540/0x540
[ 80.662643][ T9591] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 80.668252][ T9591] shmem_parse_options+0x168/0x250
[ 80.673337][ T9591] ? shmem_put_super+0xe0/0xe0
[ 80.678125][ T9591] parse_monolithic_mount_data+0x69/0x90
[ 80.683732][ T9591] do_mount+0x1310/0x1b50
[ 80.688037][ T9591] ? copy_mount_string+0x40/0x40
[ 80.692952][ T9591] ? copy_mount_options+0x241/0x3f0
[ 80.698125][ T9591] ? copy_mount_options+0x260/0x3f0
[ 80.703331][ T9591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 80.709547][ T9591] ? copy_mount_options+0x2e8/0x3f0
[ 80.714720][ T9591] __x64_sys_mount+0x192/0x230
[ 80.719462][ T9591] do_syscall_64+0xfa/0x790
[ 80.723942][ T9591] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 80.729814][ T9591] RIP: 0033:0x446a9a
[ 80.733684][ T9591] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d ae fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a ae fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 80.753260][ T9591] RSP: 002b:00007fffb59b03c8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 80.761645][ T9591] RAX: ffffffffffffffda RBX: 00007fffb59b03d0 RCX: 0000000000446a9a
[ 80.769601][ T9591] RDX: 00007fffb59b03d0 RSI: 00000000200000c0 RDI: 00007fffb59b03f0
[ 80.777592][ T9591] RBP: 0000000000000003 R08: 00007fffb59b0430 R09: 000000000000000a
[ 80.785538][ T9591] R10: 0000000000000000 R11: 0000000000000297 R12: 00007fffb59b0430
[ 80.793484][ T9591] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
[ 80.802693][ T9591] Kernel Offset: disabled
[ 80.807065][ T9591] Rebooting in 86400 seconds..
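Reading a KASAN slab report like the one above by hand means converting a few hex addresses into offsets and decoding the shadow row under the `>` marker. The following triage helper is an added example for this page, not part of syzkaller or the kernel: it parses the decisive lines of the report (copied above into a constructed sample), recomputes the "31 bytes to the right of" figure, decodes the poison byte at the faulting address using the generic-KASAN legend from mm/kasan/kasan.h (one shadow byte per 8 bytes of memory), and scans forward to find the nearest live allocation after the hit. The regexes and field names are this example's own choices.

```python
"""Triage helper for a generic-KASAN slab report, added for this page (not part of
syzkaller or the kernel).  It parses the decisive lines of a report like the one
above and recovers what a reviewer otherwise works out by hand."""
import re
from typing import Tuple

GRANULE = 8  # generic KASAN: one shadow byte describes 8 bytes of memory
# Poison values as defined in mm/kasan/kasan.h (generic mode).
SHADOW_LEGEND = {0xfa: "global redzone", 0xfb: "freed kmalloc object",
                 0xfc: "kmalloc redzone", 0xfe: "page redzone", 0xff: "freed page",
                 0xf1: "stack left redzone", 0xf2: "stack mid redzone",
                 0xf3: "stack right redzone", 0xf4: "stack partial redzone"}

# Constructed sample: the decisive lines copied from the report on this page.
SAMPLE_REPORT = """\
[   79.903906][ T9591] BUG: KASAN: slab-out-of-bounds in mpol_parse_str+0x87b/0xa50
[   79.911454][ T9591] Write of size 1 at addr ffff8880a4513abf by task syz-executor950/9591
[   80.359234][ T9591] The buggy address belongs to the object at ffff8880a4513a80
[   80.359234][ T9591]  which belongs to the cache kmalloc-32 of size 32
[   80.373087][ T9591] The buggy address is located 31 bytes to the right of
[   80.373087][ T9591]  32-byte region [ffff8880a4513a80, ffff8880a4513aa0)
[   80.450346][ T9591] >ffff8880a4513a80: fb fb fb fb fc fc fc fc 00 05 fc fc fc fc fc fc
"""

PREFIX_RE = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")  # "[ 80.359234][ T9591] "

def parse_report(text: str) -> dict:
    """Pull the fields that matter out of the report; addresses become ints."""
    r = {}
    for raw in text.splitlines():
        line = PREFIX_RE.sub("", raw).strip()
        if m := re.search(r"BUG: KASAN: (\S+) in (\S+)", line):
            r["bug"], r["func"] = m.groups()
        elif m := re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", line):
            r.update(access=m[1], size=int(m[2]), addr=int(m[3], 16), task=m[4], pid=int(m[5]))
        elif m := re.search(r"belongs to the object at ([0-9a-f]+)", line):
            r["object_start"] = int(m[1], 16)
        elif m := re.search(r"belongs to the cache (\S+) of size (\d+)", line):
            r["cache"], r["object_size"] = m[1], int(m[2])
        elif m := re.search(r"region \[([0-9a-f]+), ([0-9a-f]+)\)", line):
            r["region"] = (int(m[1], 16), int(m[2], 16))
        elif m := re.match(r">([0-9a-f]+): ((?:[0-9a-f]{2} ?)+)$", line):  # the '>' row
            r["shadow_base"] = int(m[1], 16)
            r["shadow"] = [int(b, 16) for b in m[2].split()]
    return r

def shadow_byte_at(r: dict, addr: int) -> int:
    """Shadow byte describing the 8-byte granule that contains addr."""
    idx = (addr - r["shadow_base"]) // GRANULE
    if not 0 <= idx < len(r["shadow"]):
        raise ValueError("address is not covered by the dumped shadow row")
    return r["shadow"][idx]

def describe_shadow(b: int) -> str:
    if b == 0:
        return "all 8 bytes addressable"
    if b <= 7:
        return f"first {b} bytes addressable"
    return SHADOW_LEGEND.get(b, f"unknown poison 0x{b:02x}")

def live_neighbour_after(r: dict) -> Tuple[int, int]:
    """From the faulting granule walk forward over poison, then add up addressable
    bytes: (start, size) of the next live allocation, or (0, 0) if none is visible."""
    shadow, idx = r["shadow"], (r["addr"] - r["shadow_base"]) // GRANULE
    while idx < len(shadow) and shadow[idx] > 7:
        idx += 1
    if idx >= len(shadow):
        return (0, 0)
    start, size = r["shadow_base"] + idx * GRANULE, 0
    while idx < len(shadow) and shadow[idx] <= 7:
        size += shadow[idx] or GRANULE
        if shadow[idx]:  # a partial granule is always the object's last one
            break
        idx += 1
    return (start, size)

def triage(text: str) -> dict:
    """Summarise the report with the numbers worth checking against the kernel's text."""
    r = parse_report(text)
    nb_start, nb_size = live_neighbour_after(r)
    return {
        "bug": f'{r["bug"]} in {r["func"]}',
        "access": f'{r["access"]} of size {r["size"]} by {r["task"]}/{r["pid"]}',
        "object": f'{r["cache"]} at {r["object_start"]:#x}',
        "offset_in_object": r["addr"] - r["object_start"],
        "bytes_past_region": r["addr"] - r["region"][1],  # the report's "N bytes to the right"
        "shadow_at_fault": describe_shadow(shadow_byte_at(r, r["addr"])),
        "next_live_object": (nb_start, nb_size),
        "bytes_before_next_live": nb_start - r["addr"] if nb_start else None,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key:>22}: {value}")
```

Two things the numbers make visible that the report's own wording does not. First, the "Allocated by" and "Freed by" stacks describe the object at ffff8880a4513a80, whose shadow is `fb` (freed kmalloc object); they are the previous tenant of that slot, which is why a tomoyo fstat path shows up under a mount() crash, and they say nothing about what the parser was writing to. Second, the faulting byte sits in `fc` redzone, and the shadow row continues `00 05` at ffff8880a4513ac0: a live 13-byte allocation starts exactly one byte after the hit. KASAN attributes an address to the nearest object start, so "31 bytes to the right of" one object is equally "1 byte to the left of" its live neighbour, and that is the direction to investigate; the log itself does not say what that neighbour holds.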