[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   61.145437][   T26] audit: type=1800 audit(1563679284.219:25): pid=9042 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   61.184276][   T26] audit: type=1800 audit(1563679284.219:26): pid=9042 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   61.244141][   T26] audit: type=1800 audit(1563679284.219:27): pid=9042 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.135' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   76.100310][ T9196] ==================================================================
[   76.108503][ T9196] BUG: KASAN: slab-out-of-bounds in do_jit.isra.0+0x4c35/0x5630
[   76.116317][ T9196] Read of size 4 at addr ffff8880a1a8783c by task syz-executor377/9196
[   76.124530][ T9196] 
[   76.126850][ T9196] CPU: 0 PID: 9196 Comm: syz-executor377 Not tainted 5.2.0+ #37
[   76.134524][ T9196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.144678][ T9196] Call Trace:
[   76.147956][ T9196]  dump_stack+0x172/0x1f0
[   76.152269][ T9196]  ? do_jit.isra.0+0x4c35/0x5630
[   76.157340][ T9196]  print_address_description.cold+0xd4/0x306
[   76.163299][ T9196]  ? do_jit.isra.0+0x4c35/0x5630
[   76.168224][ T9196]  ? do_jit.isra.0+0x4c35/0x5630
[   76.173194][ T9196]  __kasan_report.cold+0x1b/0x36
[   76.178124][ T9196]  ? __do_sys_bpf+0x970/0x42f0
[   76.182894][ T9196]  ? do_jit.isra.0+0x4c35/0x5630
[   76.187820][ T9196]  kasan_report+0x12/0x20
[   76.192136][ T9196]  __asan_report_load4_noabort+0x14/0x20
[   76.197762][ T9196]  do_jit.isra.0+0x4c35/0x5630
[   76.202522][ T9196]  ? jit_fill_hole+0x30/0x30
[   76.207206][ T9196]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.213444][ T9196]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.219673][ T9196]  ? rcu_read_lock_sched_held+0x110/0x130
[   76.225378][ T9196]  ? __kmalloc+0x60a/0x780
[   76.229771][ T9196]  ? kmem_cache_alloc_trace+0x397/0x790
[   76.235301][ T9196]  ? bpf_int_jit_compile+0x99c/0xda0
[   76.240672][ T9196]  bpf_int_jit_compile+0x374/0xda0
[   76.245778][ T9196]  ? do_jit.isra.0+0x5630/0x5630
[   76.250700][ T9196]  ? ktime_get_with_offset+0x13a/0x360
[   76.256153][ T9196]  ? lockdep_hardirqs_on+0x418/0x5d0
[   76.261468][ T9196]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.267873][ T9196]  ? bpf_prog_alloc_jited_linfo+0xd3/0x1c0
[   76.273681][ T9196]  ? __bpf_prog_run64+0xe0/0xe0
[   76.278522][ T9196]  bpf_prog_select_runtime+0x4cd/0x7d0
[   76.283971][ T9196]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   76.290212][ T9196]  ? bpf_obj_name_cpy+0x13f/0x190
[   76.295231][ T9196]  bpf_prog_load+0xe9b/0x1670
[   76.299913][ T9196]  ? bpf_prog_new_fd+0x60/0x60
[   76.304675][ T9196]  ? lock_downgrade+0x920/0x920
[   76.309522][ T9196]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   76.315835][ T9196]  ? security_bpf+0x8b/0xc0
[   76.320373][ T9196]  __do_sys_bpf+0xa46/0x42f0
[   76.324974][ T9196]  ? bpf_prog_load+0x1670/0x1670
[   76.329900][ T9196]  ? lock_downgrade+0x920/0x920
[   76.334748][ T9196]  ? __kasan_check_write+0x14/0x20
[   76.339846][ T9196]  ? up_read+0x159/0x570
[   76.344086][ T9196]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   76.349636][ T9196]  ? do_syscall_64+0x26/0x6a0
[   76.354455][ T9196]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.360504][ T9196]  ? do_syscall_64+0x26/0x6a0
[   76.365228][ T9196]  __x64_sys_bpf+0x73/0xb0
[   76.369697][ T9196]  do_syscall_64+0xfd/0x6a0
[   76.374203][ T9196]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.380077][ T9196] RIP: 0033:0x4402c9
[   76.383995][ T9196] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   76.403584][ T9196] RSP: 002b:00007ffd5e0fbe88 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   76.411974][ T9196] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9
[   76.420464][ T9196] RDX: 0000000000000046 RSI: 0000000020000180 RDI: 0000000000000005
[   76.428527][ T9196] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   76.436494][ T9196] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000401b50
[   76.444617][ T9196] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[   76.452582][ T9196] 
[   76.454953][ T9196] Allocated by task 8603:
[   76.459279][ T9196]  save_stack+0x23/0x90
[   76.463416][ T9196]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   76.469071][ T9196]  kasan_kmalloc+0x9/0x10
[   76.473391][ T9196]  __kmalloc+0x163/0x780
[   76.477863][ T9196]  tomoyo_supervisor+0xd40/0xef0
[   76.482913][ T9196]  tomoyo_path_number_perm+0x42f/0x520
[   76.488357][ T9196]  tomoyo_file_ioctl+0x23/0x30
[   76.493108][ T9196]  security_file_ioctl+0x77/0xc0
[   76.498181][ T9196]  ksys_ioctl+0x57/0xd0
[   76.502321][ T9196]  __x64_sys_ioctl+0x73/0xb0
[   76.506894][ T9196]  do_syscall_64+0xfd/0x6a0
[   76.511379][ T9196]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.517243][ T9196] 
[   76.519546][ T9196] Freed by task 8603:
[   76.523501][ T9196]  save_stack+0x23/0x90
[   76.527654][ T9196]  __kasan_slab_free+0x102/0x150
[   76.532570][ T9196]  kasan_slab_free+0xe/0x10
[   76.537151][ T9196]  kfree+0x10a/0x2c0
[   76.541038][ T9196]  tomoyo_supervisor+0xc2e/0xef0
[   76.546295][ T9196]  tomoyo_path_number_perm+0x42f/0x520
[   76.551730][ T9196]  tomoyo_file_ioctl+0x23/0x30
[   76.556521][ T9196]  security_file_ioctl+0x77/0xc0
[   76.561452][ T9196]  ksys_ioctl+0x57/0xd0
[   76.565642][ T9196]  __x64_sys_ioctl+0x73/0xb0
[   76.570375][ T9196]  do_syscall_64+0xfd/0x6a0
[   76.574872][ T9196]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.580804][ T9196] 
[   76.583121][ T9196] The buggy address belongs to the object at ffff8880a1a87800
[   76.583121][ T9196]  which belongs to the cache kmalloc-32 of size 32
[   76.596985][ T9196] The buggy address is located 28 bytes to the right of
[   76.596985][ T9196]  32-byte region [ffff8880a1a87800, ffff8880a1a87820)
[   76.610918][ T9196] The buggy address belongs to the page:
[   76.616541][ T9196] page:ffffea000286a1c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a1a87fc1
[   76.627122][ T9196] flags: 0x1fffc0000000200(slab)
[   76.632044][ T9196] raw: 01fffc0000000200 ffffea0002802788 ffffea00028fd588 ffff8880aa4001c0
[   76.640672][ T9196] raw: ffff8880a1a87fc1 ffff8880a1a87000 000000010000003c 0000000000000000
[   76.649514][ T9196] page dumped because: kasan: bad access detected
[   76.663047][ T9196] 
[   76.665364][ T9196] Memory state around the buggy address:
[   76.670988][ T9196]  ffff8880a1a87700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   76.679031][ T9196]  ffff8880a1a87780: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   76.687075][ T9196] >ffff8880a1a87800: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc
[   76.695294][ T9196]                                         ^
[   76.701172][ T9196]  ffff8880a1a87880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   76.709217][ T9196]  ffff8880a1a87900: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   76.717299][ T9196] ==================================================================
[   76.725343][ T9196] Disabling lock debugging due to kernel taint
[   76.731929][ T9196] Kernel panic - not syncing: panic_on_warn set ...
[   76.738511][ T9196] CPU: 0 PID: 9196 Comm: syz-executor377 Tainted: G    B             5.2.0+ #37
[   76.747739][ T9196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.757825][ T9196] Call Trace:
[   76.761111][ T9196]  dump_stack+0x172/0x1f0
[   76.765440][ T9196]  panic+0x2dc/0x755
[   76.769318][ T9196]  ? add_taint.cold+0x16/0x16
[   76.774158][ T9196]  ? do_jit.isra.0+0x4c35/0x5630
[   76.779142][ T9196]  ? preempt_schedule+0x4b/0x60
[   76.784050][ T9196]  ? ___preempt_schedule+0x16/0x18
[   76.789155][ T9196]  ? trace_hardirqs_on+0x5e/0x240
[   76.794269][ T9196]  ? do_jit.isra.0+0x4c35/0x5630
[   76.799200][ T9196]  end_report+0x47/0x4f
[   76.803451][ T9196]  ? do_jit.isra.0+0x4c35/0x5630
[   76.808383][ T9196]  __kasan_report.cold+0xe/0x36
[   76.813221][ T9196]  ? __do_sys_bpf+0x970/0x42f0
[   76.817973][ T9196]  ? do_jit.isra.0+0x4c35/0x5630
[   76.822895][ T9196]  kasan_report+0x12/0x20
[   76.827210][ T9196]  __asan_report_load4_noabort+0x14/0x20
[   76.832830][ T9196]  do_jit.isra.0+0x4c35/0x5630
[   76.837847][ T9196]  ? jit_fill_hole+0x30/0x30
[   76.842429][ T9196]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.848663][ T9196]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.855589][ T9196]  ? rcu_read_lock_sched_held+0x110/0x130
[   76.861299][ T9196]  ? __kmalloc+0x60a/0x780
[   76.865719][ T9196]  ? kmem_cache_alloc_trace+0x397/0x790
[   76.871260][ T9196]  ? bpf_int_jit_compile+0x99c/0xda0
[   76.876529][ T9196]  bpf_int_jit_compile+0x374/0xda0
[   76.881636][ T9196]  ? do_jit.isra.0+0x5630/0x5630
[   76.886564][ T9196]  ? ktime_get_with_offset+0x13a/0x360
[   76.892267][ T9196]  ? lockdep_hardirqs_on+0x418/0x5d0
[   76.897548][ T9196]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.903782][ T9196]  ? bpf_prog_alloc_jited_linfo+0xd3/0x1c0
[   76.909619][ T9196]  ? __bpf_prog_run64+0xe0/0xe0
[   76.914712][ T9196]  bpf_prog_select_runtime+0x4cd/0x7d0
[   76.920160][ T9196]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   76.926381][ T9196]  ? bpf_obj_name_cpy+0x13f/0x190
[   76.931519][ T9196]  bpf_prog_load+0xe9b/0x1670
[   76.936283][ T9196]  ? bpf_prog_new_fd+0x60/0x60
[   76.941045][ T9196]  ? lock_downgrade+0x920/0x920
[   76.946166][ T9196]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   76.952449][ T9196]  ? security_bpf+0x8b/0xc0
[   76.956983][ T9196]  __do_sys_bpf+0xa46/0x42f0
[   76.961566][ T9196]  ? bpf_prog_load+0x1670/0x1670
[   76.966488][ T9196]  ? lock_downgrade+0x920/0x920
[   76.971327][ T9196]  ? __kasan_check_write+0x14/0x20
[   76.976422][ T9196]  ? up_read+0x159/0x570
[   76.980663][ T9196]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   76.986314][ T9196]  ? do_syscall_64+0x26/0x6a0
[   76.992750][ T9196]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.998854][ T9196]  ? do_syscall_64+0x26/0x6a0
[   77.003531][ T9196]  __x64_sys_bpf+0x73/0xb0
[   77.007942][ T9196]  do_syscall_64+0xfd/0x6a0
[   77.012446][ T9196]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.018585][ T9196] RIP: 0033:0x4402c9
[   77.022596][ T9196] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   77.042396][ T9196] RSP: 002b:00007ffd5e0fbe88 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   77.050811][ T9196] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9
[   77.058917][ T9196] RDX: 0000000000000046 RSI: 0000000020000180 RDI: 0000000000000005
[   77.067138][ T9196] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   77.075114][ T9196] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000401b50
[   77.083096][ T9196] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[   77.092080][ T9196] Kernel Offset: disabled
[   77.096463][ T9196] Rebooting in 86400 seconds..