[ ok ] Starting enhanced syslogd: rsyslogd. [ 58.816916][ T27] audit: type=1800 audit(1563680129.077:25): pid=8907 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 58.861411][ T27] audit: type=1800 audit(1563680129.087:26): pid=8907 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 58.898176][ T27] audit: type=1800 audit(1563680129.087:27): pid=8907 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.200' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 81.282365][ T9059] ================================================================== [ 81.290709][ T9059] BUG: KASAN: slab-out-of-bounds in do_jit.isra.0+0x4c35/0x5630 [ 81.298317][ T9059] Read of size 4 at addr ffff8880a86937fc by task syz-executor106/9059 [ 81.306521][ T9059] [ 81.308829][ T9059] CPU: 0 PID: 9059 Comm: syz-executor106 Not tainted 5.2.0-next-20190718 #41 [ 81.317559][ T9059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 81.327589][ T9059] Call Trace: [ 81.330971][ T9059] dump_stack+0x172/0x1f0 [ 81.335289][ T9059] ? do_jit.isra.0+0x4c35/0x5630 [ 81.340206][ T9059] print_address_description.cold+0xd4/0x306 [ 81.346166][ T9059] ? do_jit.isra.0+0x4c35/0x5630 [ 81.351149][ T9059] ? do_jit.isra.0+0x4c35/0x5630 [ 81.356075][ T9059] __kasan_report.cold+0x1b/0x36 [ 81.360988][ T9059] ? __do_sys_bpf+0x9c0/0x42f0 [ 81.365724][ T9059] ? 
do_jit.isra.0+0x4c35/0x5630 [ 81.370636][ T9059] kasan_report+0x12/0x17 [ 81.375017][ T9059] __asan_report_load4_noabort+0x14/0x20 [ 81.380683][ T9059] do_jit.isra.0+0x4c35/0x5630 [ 81.385447][ T9059] ? jit_fill_hole+0x30/0x30 [ 81.390023][ T9059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.396238][ T9059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.402457][ T9059] ? rcu_read_lock_sched_held+0x110/0x130 [ 81.408149][ T9059] ? __kmalloc+0x608/0x770 [ 81.412537][ T9059] ? kmem_cache_alloc_trace+0x397/0x790 [ 81.418055][ T9059] ? bpf_int_jit_compile+0x99c/0xda0 [ 81.423323][ T9059] bpf_int_jit_compile+0x374/0xda0 [ 81.428418][ T9059] ? do_jit.isra.0+0x5630/0x5630 [ 81.433335][ T9059] ? ktime_get_with_offset+0x13a/0x350 [ 81.438878][ T9059] ? lockdep_hardirqs_on+0x418/0x5d0 [ 81.444151][ T9059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.450376][ T9059] ? bpf_prog_alloc_jited_linfo+0xd3/0x1c0 [ 81.456160][ T9059] ? __bpf_prog_run64+0xe0/0xe0 [ 81.460996][ T9059] bpf_prog_select_runtime+0x4cd/0x7d0 [ 81.466442][ T9059] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 81.472654][ T9059] ? bpf_obj_name_cpy+0x13f/0x190 [ 81.477680][ T9059] bpf_prog_load+0xe9b/0x1670 [ 81.482354][ T9059] ? bpf_prog_new_fd+0x60/0x60 [ 81.487092][ T9059] ? lock_downgrade+0x920/0x920 [ 81.491931][ T9059] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 81.498178][ T9059] ? security_bpf+0x8b/0xc0 [ 81.502659][ T9059] __do_sys_bpf+0xa46/0x42f0 [ 81.507226][ T9059] ? bpf_prog_load+0x1670/0x1670 [ 81.512138][ T9059] ? lock_downgrade+0x920/0x920 [ 81.516982][ T9059] ? __kasan_check_write+0x14/0x20 [ 81.522071][ T9059] ? up_read+0x159/0x570 [ 81.526297][ T9059] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 81.531728][ T9059] ? do_syscall_64+0x26/0x6a0 [ 81.536381][ T9059] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.542429][ T9059] ? 
do_syscall_64+0x26/0x6a0 [ 81.547085][ T9059] __x64_sys_bpf+0x73/0xb0 [ 81.551490][ T9059] do_syscall_64+0xfd/0x6a0 [ 81.555980][ T9059] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.561853][ T9059] RIP: 0033:0x4402c9 [ 81.565720][ T9059] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 81.585398][ T9059] RSP: 002b:00007ffcdef2f958 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 81.593786][ T9059] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9 [ 81.601731][ T9059] RDX: 0000000000000046 RSI: 0000000020000180 RDI: 0000000000000005 [ 81.609677][ T9059] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 81.617643][ T9059] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000401b50 [ 81.625714][ T9059] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000 [ 81.633676][ T9059] [ 81.635996][ T9059] Allocated by task 9059: [ 81.640316][ T9059] save_stack+0x23/0x90 [ 81.644446][ T9059] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 81.650062][ T9059] kasan_kmalloc+0x9/0x10 [ 81.654371][ T9059] __kmalloc+0x163/0x770 [ 81.658592][ T9059] security_prepare_creds+0x11d/0x190 [ 81.663938][ T9059] prepare_creds+0x2f5/0x3f0 [ 81.668597][ T9059] prepare_exec_creds+0x12/0xf0 [ 81.673453][ T9059] __do_execve_file.isra.0+0x393/0x2340 [ 81.679012][ T9059] __x64_sys_execve+0x8f/0xc0 [ 81.683683][ T9059] do_syscall_64+0xfd/0x6a0 [ 81.688161][ T9059] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.694082][ T9059] [ 81.696397][ T9059] Freed by task 8554: [ 81.700356][ T9059] save_stack+0x23/0x90 [ 81.704484][ T9059] __kasan_slab_free+0x102/0x150 [ 81.709396][ T9059] kasan_slab_free+0xe/0x10 [ 81.713877][ T9059] kfree+0x10a/0x2c0 [ 81.717785][ T9059] tomoyo_path_perm+0x24e/0x430 [ 81.722607][ T9059] tomoyo_inode_getattr+0x1d/0x30 [ 81.727670][ T9059] security_inode_getattr+0xf2/0x150 [ 81.732946][ 
T9059] vfs_getattr+0x25/0x70 [ 81.737317][ T9059] vfs_statx_fd+0x71/0xc0 [ 81.741620][ T9059] __do_sys_newfstat+0x9b/0x120 [ 81.746444][ T9059] __x64_sys_newfstat+0x54/0x80 [ 81.751294][ T9059] do_syscall_64+0xfd/0x6a0 [ 81.755781][ T9059] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.761684][ T9059] [ 81.763996][ T9059] The buggy address belongs to the object at ffff8880a86937c0 [ 81.763996][ T9059] which belongs to the cache kmalloc-32 of size 32 [ 81.777858][ T9059] The buggy address is located 28 bytes to the right of [ 81.777858][ T9059] 32-byte region [ffff8880a86937c0, ffff8880a86937e0) [ 81.791815][ T9059] The buggy address belongs to the page: [ 81.797517][ T9059] page:ffffea0002a1a4c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a8693fc1 [ 81.807916][ T9059] flags: 0x1fffc0000000200(slab) [ 81.812830][ T9059] raw: 01fffc0000000200 ffffea0002944688 ffffea00029f6188 ffff8880aa4001c0 [ 81.821431][ T9059] raw: ffff8880a8693fc1 ffff8880a8693000 000000010000002d 0000000000000000 [ 81.829993][ T9059] page dumped because: kasan: bad access detected [ 81.836383][ T9059] [ 81.838686][ T9059] Memory state around the buggy address: [ 81.844379][ T9059] ffff8880a8693680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 81.852428][ T9059] ffff8880a8693700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 81.860464][ T9059] >ffff8880a8693780: fb fb fb fb fc fc fc fc 00 fc fc fc fc fc fc fc [ 81.868503][ T9059] ^ [ 81.876460][ T9059] ffff8880a8693800: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 81.884492][ T9059] ffff8880a8693880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 81.892536][ T9059] ================================================================== [ 81.900565][ T9059] Disabling lock debugging due to kernel taint [ 81.907243][ T9059] Kernel panic - not syncing: panic_on_warn set ... 
[ 81.913818][ T9059] CPU: 0 PID: 9059 Comm: syz-executor106 Tainted: G B 5.2.0-next-20190718 #41 [ 81.923931][ T9059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 81.934153][ T9059] Call Trace: [ 81.937445][ T9059] dump_stack+0x172/0x1f0 [ 81.941748][ T9059] panic+0x2dc/0x755 [ 81.945613][ T9059] ? add_taint.cold+0x16/0x16 [ 81.950259][ T9059] ? do_jit.isra.0+0x4c35/0x5630 [ 81.955165][ T9059] ? preempt_schedule+0x4b/0x60 [ 81.960020][ T9059] ? ___preempt_schedule+0x16/0x18 [ 81.965102][ T9059] ? trace_hardirqs_on+0x5e/0x240 [ 81.970097][ T9059] ? do_jit.isra.0+0x4c35/0x5630 [ 81.975005][ T9059] end_report+0x47/0x4f [ 81.979147][ T9059] ? do_jit.isra.0+0x4c35/0x5630 [ 81.984051][ T9059] __kasan_report.cold+0xe/0x36 [ 81.988904][ T9059] ? __do_sys_bpf+0x9c0/0x42f0 [ 81.993650][ T9059] ? do_jit.isra.0+0x4c35/0x5630 [ 81.998675][ T9059] kasan_report+0x12/0x17 [ 82.002988][ T9059] __asan_report_load4_noabort+0x14/0x20 [ 82.008599][ T9059] do_jit.isra.0+0x4c35/0x5630 [ 82.013342][ T9059] ? jit_fill_hole+0x30/0x30 [ 82.017908][ T9059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.024117][ T9059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.030339][ T9059] ? rcu_read_lock_sched_held+0x110/0x130 [ 82.036032][ T9059] ? __kmalloc+0x608/0x770 [ 82.040451][ T9059] ? kmem_cache_alloc_trace+0x397/0x790 [ 82.045965][ T9059] ? bpf_int_jit_compile+0x99c/0xda0 [ 82.051288][ T9059] bpf_int_jit_compile+0x374/0xda0 [ 82.056381][ T9059] ? do_jit.isra.0+0x5630/0x5630 [ 82.061289][ T9059] ? ktime_get_with_offset+0x13a/0x350 [ 82.066719][ T9059] ? lockdep_hardirqs_on+0x418/0x5d0 [ 82.072032][ T9059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.078253][ T9059] ? bpf_prog_alloc_jited_linfo+0xd3/0x1c0 [ 82.084030][ T9059] ? __bpf_prog_run64+0xe0/0xe0 [ 82.088850][ T9059] bpf_prog_select_runtime+0x4cd/0x7d0 [ 82.094278][ T9059] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 82.100487][ T9059] ? 
bpf_obj_name_cpy+0x13f/0x190 [ 82.105485][ T9059] bpf_prog_load+0xe9b/0x1670 [ 82.110149][ T9059] ? bpf_prog_new_fd+0x60/0x60 [ 82.114890][ T9059] ? lock_downgrade+0x920/0x920 [ 82.119718][ T9059] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 82.125927][ T9059] ? security_bpf+0x8b/0xc0 [ 82.130401][ T9059] __do_sys_bpf+0xa46/0x42f0 [ 82.134977][ T9059] ? bpf_prog_load+0x1670/0x1670 [ 82.139881][ T9059] ? lock_downgrade+0x920/0x920 [ 82.144707][ T9059] ? __kasan_check_write+0x14/0x20 [ 82.149787][ T9059] ? up_read+0x159/0x570 [ 82.154013][ T9059] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 82.159446][ T9059] ? do_syscall_64+0x26/0x6a0 [ 82.164093][ T9059] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.170132][ T9059] ? do_syscall_64+0x26/0x6a0 [ 82.174798][ T9059] __x64_sys_bpf+0x73/0xb0 [ 82.179186][ T9059] do_syscall_64+0xfd/0x6a0 [ 82.183705][ T9059] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.189679][ T9059] RIP: 0033:0x4402c9 [ 82.193551][ T9059] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 82.213123][ T9059] RSP: 002b:00007ffcdef2f958 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 82.221505][ T9059] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9 [ 82.229545][ T9059] RDX: 0000000000000046 RSI: 0000000020000180 RDI: 0000000000000005 [ 82.237502][ T9059] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 82.245447][ T9059] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000401b50 [ 82.253394][ T9059] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000 [ 82.262246][ T9059] Kernel Offset: disabled [ 82.266563][ T9059] Rebooting in 86400 seconds..