[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   56.285260][   T24] audit: type=1800 audit(1563679584.836:25): pid=8625 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   56.305225][   T24] audit: type=1800 audit(1563679584.836:26): pid=8625 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   56.325484][   T24] audit: type=1800 audit(1563679584.836:27): pid=8625 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.192' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   68.220607][ T8779] ==================================================================
[   68.228752][ T8779] BUG: KASAN: slab-out-of-bounds in do_jit.isra.0+0x4c35/0x5630
[   68.236376][ T8779] Read of size 4 at addr ffff8880a7a24cbc by task syz-executor476/8779
[   68.244685][ T8779] 
[   68.246995][ T8779] CPU: 0 PID: 8779 Comm: syz-executor476 Not tainted 5.2.0+ #71
[   68.254599][ T8779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.264629][ T8779] Call Trace:
[   68.267910][ T8779]  dump_stack+0x16f/0x1f0
[   68.272217][ T8779]  ? do_jit.isra.0+0x4c35/0x5630
[   68.277149][ T8779]  print_address_description.cold+0xd4/0x306
[   68.283114][ T8779]  ? do_jit.isra.0+0x4c35/0x5630
[   68.288038][ T8779]  ? do_jit.isra.0+0x4c35/0x5630
[   68.292965][ T8779]  __kasan_report.cold+0x1b/0x36
[   68.297933][ T8779]  ? bpf_prog_get_ok+0x110/0x140
[   68.303003][ T8779]  ? do_jit.isra.0+0x4c35/0x5630
[   68.308068][ T8779]  kasan_report+0x12/0x17
[   68.312397][ T8779]  __asan_report_load4_noabort+0x14/0x20
[   68.318010][ T8779]  do_jit.isra.0+0x4c35/0x5630
[   68.322755][ T8779]  ? jit_fill_hole+0x30/0x30
[   68.327339][ T8779]  ? rcu_read_lock_sched_held+0x110/0x130
[   68.333041][ T8779]  ? __kmalloc+0x5ea/0x760
[   68.337433][ T8779]  ? kmem_cache_alloc_trace+0x37c/0x770
[   68.342956][ T8779]  ? bpf_int_jit_compile+0x9a1/0xda5
[   68.348226][ T8779]  bpf_int_jit_compile+0x379/0xda5
[   68.353320][ T8779]  ? do_jit.isra.0+0x5630/0x5630
[   68.358282][ T8779]  ? ktime_get_with_offset+0x13a/0x350
[   68.363735][ T8779]  ? lockdep_hardirqs_on+0x418/0x5d0
[   68.369165][ T8779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   68.375455][ T8779]  ? bpf_prog_alloc_jited_linfo+0xd3/0x1c0
[   68.381243][ T8779]  ? __bpf_prog_run64+0xe0/0xe0
[   68.386230][ T8779]  bpf_prog_select_runtime+0x4cd/0x7d0
[   68.391680][ T8779]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   68.397908][ T8779]  ? bpf_obj_name_cpy+0x13f/0x190
[   68.402922][ T8779]  bpf_prog_load+0xe9b/0x1640
[   68.407593][ T8779]  ? bpf_prog_new_fd+0x60/0x60
[   68.412343][ T8779]  ? trace_hardirqs_on+0x67/0x220
[   68.417362][ T8779]  ? lock_downgrade+0x920/0x920
[   68.422203][ T8779]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   68.428422][ T8779]  ? security_bpf+0x8b/0xc0
[   68.432913][ T8779]  __do_sys_bpf+0xa23/0x4240
[   68.437495][ T8779]  ? bpf_prog_load+0x1640/0x1640
[   68.442413][ T8779]  ? lock_downgrade+0x920/0x920
[   68.447251][ T8779]  ? __kasan_check_write+0x14/0x20
[   68.452354][ T8779]  ? up_read+0x159/0x570
[   68.456629][ T8779]  ? trace_hardirqs_on_thunk+0x1a/0x20
[   68.462079][ T8779]  ? do_syscall_64+0x26/0x6a0
[   68.466740][ T8779]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   68.472789][ T8779]  ? do_syscall_64+0x26/0x6a0
[   68.477457][ T8779]  __x64_sys_bpf+0x73/0xb0
[   68.481860][ T8779]  do_syscall_64+0xfd/0x6a0
[   68.486392][ T8779]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   68.492266][ T8779] RIP: 0033:0x4402c9
[   68.496137][ T8779] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   68.515842][ T8779] RSP: 002b:00007ffe6d6fe968 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   68.524235][ T8779] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9
[   68.532187][ T8779] RDX: 0000000000000046 RSI: 0000000020000180 RDI: 0000000000000005
[   68.540313][ T8779] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   68.548276][ T8779] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000401b50
[   68.556269][ T8779] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[   68.564234][ T8779] 
[   68.566543][ T8779] Allocated by task 3802:
[   68.570858][ T8779]  save_stack+0x23/0x90
[   68.574992][ T8779]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   68.580641][ T8779]  kasan_kmalloc+0x9/0x10
[   68.584961][ T8779]  __kmalloc+0x163/0x760
[   68.589193][ T8779]  tomoyo_encode2.part.0+0xf5/0x400
[   68.594504][ T8779]  tomoyo_encode+0x2b/0x50
[   68.598898][ T8779]  tomoyo_realpath_from_path+0x1d3/0x7b0
[   68.604512][ T8779]  tomoyo_path_number_perm+0x1dd/0x520
[   68.609953][ T8779]  tomoyo_file_ioctl+0x23/0x30
[   68.614699][ T8779]  security_file_ioctl+0x77/0xc0
[   68.619715][ T8779]  ksys_ioctl+0x57/0xd0
[   68.623858][ T8779]  __x64_sys_ioctl+0x73/0xb0
[   68.628444][ T8779]  do_syscall_64+0xfd/0x6a0
[   68.632929][ T8779]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   68.638798][ T8779] 
[   68.641119][ T8779] Freed by task 3802:
[   68.645086][ T8779]  save_stack+0x23/0x90
[   68.649222][ T8779]  __kasan_slab_free+0x102/0x150
[   68.654146][ T8779]  kasan_slab_free+0xe/0x10
[   68.658757][ T8779]  kfree+0x10a/0x2a0
[   68.662642][ T8779]  tomoyo_path_number_perm+0x459/0x520
[   68.668321][ T8779]  tomoyo_file_ioctl+0x23/0x30
[   68.673171][ T8779]  security_file_ioctl+0x77/0xc0
[   68.678140][ T8779]  ksys_ioctl+0x57/0xd0
[   68.682274][ T8779]  __x64_sys_ioctl+0x73/0xb0
[   68.686890][ T8779]  do_syscall_64+0xfd/0x6a0
[   68.691496][ T8779]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   68.697365][ T8779] 
[   68.699676][ T8779] The buggy address belongs to the object at ffff8880a7a24c80
[   68.699676][ T8779]  which belongs to the cache kmalloc-32 of size 32
[   68.713895][ T8779] The buggy address is located 28 bytes to the right of
[   68.713895][ T8779]  32-byte region [ffff8880a7a24c80, ffff8880a7a24ca0)
[   68.727512][ T8779] The buggy address belongs to the page:
[   68.733995][ T8779] page:ffffea00029e8900 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a7a24fc1
[   68.744493][ T8779] flags: 0x1fffc0000000200(slab)
[   68.749423][ T8779] raw: 01fffc0000000200 ffffea00029a3488 ffffea0002912dc8 ffff8880aa4001c0
[   68.758037][ T8779] raw: ffff8880a7a24fc1 ffff8880a7a24000 0000000100000026 0000000000000000
[   68.766609][ T8779] page dumped because: kasan: bad access detected
[   68.773007][ T8779] 
[   68.775314][ T8779] Memory state around the buggy address:
[   68.780928][ T8779]  ffff8880a7a24b80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   68.788970][ T8779]  ffff8880a7a24c00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   68.797060][ T8779] >ffff8880a7a24c80: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc
[   68.805329][ T8779]                                         ^
[   68.811208][ T8779]  ffff8880a7a24d00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   68.819295][ T8779]  ffff8880a7a24d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   68.827346][ T8779] ==================================================================
[   68.835387][ T8779] Disabling lock debugging due to kernel taint
[   68.841682][ T8779] Kernel panic - not syncing: panic_on_warn set ...
[   68.848397][ T8779] CPU: 0 PID: 8779 Comm: syz-executor476 Tainted: G    B             5.2.0+ #71
[   68.857397][ T8779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.867436][ T8779] Call Trace:
[   68.870713][ T8779]  dump_stack+0x16f/0x1f0
[   68.875037][ T8779]  panic+0x2dc/0x755
[   68.878917][ T8779]  ? add_taint.cold+0x16/0x16
[   68.883570][ T8779]  ? retint_kernel+0x10/0x10
[   68.888179][ T8779]  ? trace_hardirqs_on+0x5e/0x220
[   68.893190][ T8779]  ? do_jit.isra.0+0x4c35/0x5630
[   68.898149][ T8779]  end_report+0x47/0x4f
[   68.902295][ T8779]  ? do_jit.isra.0+0x4c35/0x5630
[   68.907227][ T8779]  __kasan_report.cold+0xe/0x36
[   68.912111][ T8779]  ? bpf_prog_get_ok+0x110/0x140
[   68.917037][ T8779]  ? do_jit.isra.0+0x4c35/0x5630
[   68.921958][ T8779]  kasan_report+0x12/0x17
[   68.926272][ T8779]  __asan_report_load4_noabort+0x14/0x20
[   68.932043][ T8779]  do_jit.isra.0+0x4c35/0x5630
[   68.936800][ T8779]  ? jit_fill_hole+0x30/0x30
[   68.941378][ T8779]  ? rcu_read_lock_sched_held+0x110/0x130
[   68.947079][ T8779]  ? __kmalloc+0x5ea/0x760
[   68.951478][ T8779]  ? kmem_cache_alloc_trace+0x37c/0x770
[   68.957205][ T8779]  ? bpf_int_jit_compile+0x9a1/0xda5
[   68.962483][ T8779]  bpf_int_jit_compile+0x379/0xda5
[   68.967587][ T8779]  ? do_jit.isra.0+0x5630/0x5630
[   68.972543][ T8779]  ? ktime_get_with_offset+0x13a/0x350
[   68.978045][ T8779]  ? lockdep_hardirqs_on+0x418/0x5d0
[   68.983319][ T8779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   68.993485][ T8779]  ? bpf_prog_alloc_jited_linfo+0xd3/0x1c0
[   68.999339][ T8779]  ? __bpf_prog_run64+0xe0/0xe0
[   69.004177][ T8779]  bpf_prog_select_runtime+0x4cd/0x7d0
[   69.009660][ T8779]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   69.015887][ T8779]  ? bpf_obj_name_cpy+0x13f/0x190
[   69.020896][ T8779]  bpf_prog_load+0xe9b/0x1640
[   69.025557][ T8779]  ? bpf_prog_new_fd+0x60/0x60
[   69.030352][ T8779]  ? trace_hardirqs_on+0x67/0x220
[   69.035364][ T8779]  ? lock_downgrade+0x920/0x920
[   69.040265][ T8779]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   69.046492][ T8779]  ? security_bpf+0x8b/0xc0
[   69.050979][ T8779]  __do_sys_bpf+0xa23/0x4240
[   69.055590][ T8779]  ? bpf_prog_load+0x1640/0x1640
[   69.060508][ T8779]  ? lock_downgrade+0x920/0x920
[   69.065344][ T8779]  ? __kasan_check_write+0x14/0x20
[   69.070450][ T8779]  ? up_read+0x159/0x570
[   69.074677][ T8779]  ? trace_hardirqs_on_thunk+0x1a/0x20
[   69.080194][ T8779]  ? do_syscall_64+0x26/0x6a0
[   69.084855][ T8779]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   69.090894][ T8779]  ? do_syscall_64+0x26/0x6a0
[   69.095608][ T8779]  __x64_sys_bpf+0x73/0xb0
[   69.100004][ T8779]  do_syscall_64+0xfd/0x6a0
[   69.104495][ T8779]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   69.110463][ T8779] RIP: 0033:0x4402c9
[   69.114341][ T8779] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   69.134337][ T8779] RSP: 002b:00007ffe6d6fe968 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   69.142733][ T8779] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9
[   69.150789][ T8779] RDX: 0000000000000046 RSI: 0000000020000180 RDI: 0000000000000005
[   69.158904][ T8779] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   69.166870][ T8779] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000401b50
[   69.174945][ T8779] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[   69.183622][ T8779] Kernel Offset: disabled
[   69.187941][ T8779] Rebooting in 86400 seconds..