[ ok ] Starting enhanced syslogd: rsyslogd.
[ 58.645055][ T27] audit: type=1800 audit(1563679230.224:25): pid=8723 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 58.688822][ T27] audit: type=1800 audit(1563679230.234:26): pid=8723 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 58.745443][ T27] audit: type=1800 audit(1563679230.234:27): pid=8723 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 66.670818][ T8876] ==================================================================
[ 66.678987][ T8876] BUG: KASAN: slab-out-of-bounds in do_jit.isra.0+0x4c35/0x5630
[ 66.686607][ T8876] Read of size 4 at addr ffff8880a654ec3c by task syz-executor906/8876
[ 66.694814][ T8876]
[ 66.697126][ T8876] CPU: 0 PID: 8876 Comm: syz-executor906 Not tainted 5.2.0+ #95
[ 66.704729][ T8876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.714761][ T8876] Call Trace:
[ 66.718029][ T8876]  dump_stack+0x172/0x1f0
[ 66.722341][ T8876]  ? do_jit.isra.0+0x4c35/0x5630
[ 66.727267][ T8876]  print_address_description.cold+0xd4/0x306
[ 66.733242][ T8876]  ? do_jit.isra.0+0x4c35/0x5630
[ 66.738175][ T8876]  ? do_jit.isra.0+0x4c35/0x5630
[ 66.743092][ T8876]  __kasan_report.cold+0x1b/0x36
[ 66.748012][ T8876]  ? __do_sys_bpf+0x960/0x42f0
[ 66.752752][ T8876]  ? do_jit.isra.0+0x4c35/0x5630
[ 66.757670][ T8876]  kasan_report+0x12/0x17
[ 66.761979][ T8876]  __asan_report_load4_noabort+0x14/0x20
[ 66.767585][ T8876]  do_jit.isra.0+0x4c35/0x5630
[ 66.772333][ T8876]  ? jit_fill_hole+0x30/0x30
[ 66.776913][ T8876]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 66.783133][ T8876]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 66.789356][ T8876]  ? rcu_read_lock_sched_held+0x110/0x130
[ 66.795057][ T8876]  ? __kmalloc+0x608/0x770
[ 66.799450][ T8876]  ? kmem_cache_alloc_trace+0x397/0x790
[ 66.804980][ T8876]  ? bpf_int_jit_compile+0x99c/0xda0
[ 66.810251][ T8876]  bpf_int_jit_compile+0x374/0xda0
[ 66.815341][ T8876]  ? do_jit.isra.0+0x5630/0x5630
[ 66.820262][ T8876]  ? ktime_get_with_offset+0x13a/0x350
[ 66.825700][ T8876]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 66.830972][ T8876]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 66.837194][ T8876]  ? bpf_prog_alloc_jited_linfo+0xd3/0x1c0
[ 66.842979][ T8876]  ? __bpf_prog_run64+0xe0/0xe0
[ 66.847806][ T8876]  bpf_prog_select_runtime+0x4cd/0x7d0
[ 66.853243][ T8876]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 66.859461][ T8876]  ? bpf_obj_name_cpy+0x13f/0x190
[ 66.864463][ T8876]  bpf_prog_load+0xe9b/0x1670
[ 66.869119][ T8876]  ? bpf_prog_new_fd+0x60/0x60
[ 66.873879][ T8876]  ? lock_downgrade+0x920/0x920
[ 66.878734][ T8876]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 66.884991][ T8876]  ? security_bpf+0x8b/0xc0
[ 66.889478][ T8876]  __do_sys_bpf+0xa46/0x42f0
[ 66.894047][ T8876]  ? bpf_prog_load+0x1670/0x1670
[ 66.898962][ T8876]  ? lock_downgrade+0x920/0x920
[ 66.903793][ T8876]  ? __kasan_check_write+0x14/0x20
[ 66.908885][ T8876]  ? up_read+0x159/0x570
[ 66.913113][ T8876]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 66.918545][ T8876]  ? do_syscall_64+0x26/0x6a0
[ 66.923201][ T8876]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.929245][ T8876]  ? do_syscall_64+0x26/0x6a0
[ 66.933903][ T8876]  __x64_sys_bpf+0x73/0xb0
[ 66.938309][ T8876]  do_syscall_64+0xfd/0x6a0
[ 66.942808][ T8876]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.948676][ T8876] RIP: 0033:0x4402c9
[ 66.952555][ T8876] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 66.972257][ T8876] RSP: 002b:00007ffc7d7bb638 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 66.984301][ T8876] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9
[ 66.992251][ T8876] RDX: 0000000000000046 RSI: 0000000020000180 RDI: 0000000000000005
[ 67.000229][ T8876] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 67.008183][ T8876] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000401b50
[ 67.016132][ T8876] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[ 67.024098][ T8876]
[ 67.026403][ T8876] Allocated by task 8388:
[ 67.030712][ T8876]  save_stack+0x23/0x90
[ 67.034845][ T8876]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 67.040456][ T8876]  kasan_kmalloc+0x9/0x10
[ 67.044761][ T8876]  __kmalloc+0x163/0x770
[ 67.048986][ T8876]  security_prepare_creds+0x11d/0x190
[ 67.054335][ T8876]  prepare_creds+0x2f5/0x3f0
[ 67.058907][ T8876]  do_faccessat+0xa2/0x7f0
[ 67.063300][ T8876]  __x64_sys_access+0x59/0x80
[ 67.067953][ T8876]  do_syscall_64+0xfd/0x6a0
[ 67.072445][ T8876]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 67.078322][ T8876]
[ 67.080628][ T8876] Freed by task 8372:
[ 67.084586][ T8876]  save_stack+0x23/0x90
[ 67.088725][ T8876]  __kasan_slab_free+0x102/0x150
[ 67.093652][ T8876]  kasan_slab_free+0xe/0x10
[ 67.098390][ T8876]  kfree+0x10a/0x2c0
[ 67.102264][ T8876]  security_cred_free+0xa9/0x110
[ 67.107182][ T8876]  put_cred_rcu+0x129/0x4b0
[ 67.111671][ T8876]  rcu_core+0x67f/0x1580
[ 67.115892][ T8876]  rcu_core_si+0x9/0x10
[ 67.120025][ T8876]  __do_softirq+0x262/0x98c
[ 67.124497][ T8876]
[ 67.126806][ T8876] The buggy address belongs to the object at ffff8880a654ec00
[ 67.126806][ T8876]  which belongs to the cache kmalloc-32 of size 32
[ 67.140662][ T8876] The buggy address is located 28 bytes to the right of
[ 67.140662][ T8876]  32-byte region [ffff8880a654ec00, ffff8880a654ec20)
[ 67.154270][ T8876] The buggy address belongs to the page:
[ 67.159886][ T8876] page:ffffea0002995380 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a654efc1
[ 67.170272][ T8876] flags: 0x1fffc0000000200(slab)
[ 67.175205][ T8876] raw: 01fffc0000000200 ffffea000290f1c8 ffffea0002a154c8 ffff8880aa4001c0
[ 67.183768][ T8876] raw: ffff8880a654efc1 ffff8880a654e000 0000000100000027 0000000000000000
[ 67.192327][ T8876] page dumped because: kasan: bad access detected
[ 67.198717][ T8876]
[ 67.201031][ T8876] Memory state around the buggy address:
[ 67.206636][ T8876]  ffff8880a654eb00: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[ 67.214697][ T8876]  ffff8880a654eb80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 67.222756][ T8876] >ffff8880a654ec00: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc
[ 67.230791][ T8876]                                         ^
[ 67.236683][ T8876]  ffff8880a654ec80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 67.244724][ T8876]  ffff8880a654ed00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 67.252759][ T8876] ==================================================================
[ 67.260791][ T8876] Disabling lock debugging due to kernel taint
[ 67.267435][ T8876] Kernel panic - not syncing: panic_on_warn set ...
[ 67.274027][ T8876] CPU: 0 PID: 8876 Comm: syz-executor906 Tainted: G    B   5.2.0+ #95
[ 67.283016][ T8876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.293047][ T8876] Call Trace:
[ 67.296318][ T8876]  dump_stack+0x172/0x1f0
[ 67.300626][ T8876]  panic+0x2dc/0x755
[ 67.304510][ T8876]  ? add_taint.cold+0x16/0x16
[ 67.309163][ T8876]  ? do_jit.isra.0+0x4c35/0x5630
[ 67.314075][ T8876]  ? preempt_schedule+0x4b/0x60
[ 67.318905][ T8876]  ? ___preempt_schedule+0x16/0x18
[ 67.323996][ T8876]  ? trace_hardirqs_on+0x5e/0x240
[ 67.328996][ T8876]  ? do_jit.isra.0+0x4c35/0x5630
[ 67.333927][ T8876]  end_report+0x47/0x4f
[ 67.338053][ T8876]  ? do_jit.isra.0+0x4c35/0x5630
[ 67.342964][ T8876]  __kasan_report.cold+0xe/0x36
[ 67.347789][ T8876]  ? __do_sys_bpf+0x960/0x42f0
[ 67.352526][ T8876]  ? do_jit.isra.0+0x4c35/0x5630
[ 67.357438][ T8876]  kasan_report+0x12/0x17
[ 67.361744][ T8876]  __asan_report_load4_noabort+0x14/0x20
[ 67.367347][ T8876]  do_jit.isra.0+0x4c35/0x5630
[ 67.372092][ T8876]  ? jit_fill_hole+0x30/0x30
[ 67.376661][ T8876]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 67.382878][ T8876]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 67.389098][ T8876]  ? rcu_read_lock_sched_held+0x110/0x130
[ 67.394788][ T8876]  ? __kmalloc+0x608/0x770
[ 67.399177][ T8876]  ? kmem_cache_alloc_trace+0x397/0x790
[ 67.404697][ T8876]  ? bpf_int_jit_compile+0x99c/0xda0
[ 67.409957][ T8876]  bpf_int_jit_compile+0x374/0xda0
[ 67.415045][ T8876]  ? do_jit.isra.0+0x5630/0x5630
[ 67.419957][ T8876]  ? ktime_get_with_offset+0x13a/0x350
[ 67.425392][ T8876]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 67.430656][ T8876]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 67.436870][ T8876]  ? bpf_prog_alloc_jited_linfo+0xd3/0x1c0
[ 67.442651][ T8876]  ? __bpf_prog_run64+0xe0/0xe0
[ 67.447476][ T8876]  bpf_prog_select_runtime+0x4cd/0x7d0
[ 67.452913][ T8876]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 67.459128][ T8876]  ? bpf_obj_name_cpy+0x13f/0x190
[ 67.464127][ T8876]  bpf_prog_load+0xe9b/0x1670
[ 67.468789][ T8876]  ? bpf_prog_new_fd+0x60/0x60
[ 67.473554][ T8876]  ? lock_downgrade+0x920/0x920
[ 67.478387][ T8876]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 67.484604][ T8876]  ? security_bpf+0x8b/0xc0
[ 67.489083][ T8876]  __do_sys_bpf+0xa46/0x42f0
[ 67.493648][ T8876]  ? bpf_prog_load+0x1670/0x1670
[ 67.498562][ T8876]  ? lock_downgrade+0x920/0x920
[ 67.503392][ T8876]  ? __kasan_check_write+0x14/0x20
[ 67.508477][ T8876]  ? up_read+0x159/0x570
[ 67.512720][ T8876]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 67.518152][ T8876]  ? do_syscall_64+0x26/0x6a0
[ 67.522801][ T8876]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 67.528843][ T8876]  ? do_syscall_64+0x26/0x6a0
[ 67.533500][ T8876]  __x64_sys_bpf+0x73/0xb0
[ 67.537890][ T8876]  do_syscall_64+0xfd/0x6a0
[ 67.542383][ T8876]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 67.548248][ T8876] RIP: 0033:0x4402c9
[ 67.552118][ T8876] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 67.571699][ T8876] RSP: 002b:00007ffc7d7bb638 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 67.580085][ T8876] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9
[ 67.588032][ T8876] RDX: 0000000000000046 RSI: 0000000020000180 RDI: 0000000000000005
[ 67.595983][ T8876] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 67.603929][ T8876] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000401b50
[ 67.611876][ T8876] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[ 67.620947][ T8876] Kernel Offset: disabled
[ 67.625267][ T8876] Rebooting in 86400 seconds..