[ 37.336266][ T25] audit: type=1800 audit(1563743216.945:22): pid=7300 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 53.163040][ T7465] IPVS: ftp: loaded support on port[0] = 21
[ 53.585732][ T7454] can: request_module (can-proto-0) failed.
[ 54.514741][ T7454] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.0.167' (ECDSA) to the list of known hosts.
2019/07/21 21:07:21 parsed 1 programs
2019/07/21 21:07:22 executed programs: 0
[ 62.867044][ T7542] IPVS: ftp: loaded support on port[0] = 21
[ 62.867398][ T7546] IPVS: ftp: loaded support on port[0] = 21
[ 62.891872][ T7545] IPVS: ftp: loaded support on port[0] = 21
[ 62.905451][ T7550] IPVS: ftp: loaded support on port[0] = 21
[ 62.910690][ T7548] IPVS: ftp: loaded support on port[0] = 21
[ 62.968166][ T7551] IPVS: ftp: loaded support on port[0] = 21
[ 63.019406][ T7542] chnl_net:caif_netlink_parms(): no params data found
[ 63.093140][ T7542] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.100342][ T7542] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.108445][ T7542] device bridge_slave_0 entered promiscuous mode
[ 63.120479][ T7542] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.127685][ T7542] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.135444][ T7542] device bridge_slave_1 entered promiscuous mode
[ 63.177625][ T7542] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 63.215408][ T7542] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 63.260846][ T7551] chnl_net:caif_netlink_parms(): no params data found
[ 63.275756][ T7542] team0: Port device team_slave_0 added
[ 63.284013][ T7542] team0: Port device team_slave_1 added
[ 63.305923][ T7545] chnl_net:caif_netlink_parms(): no params data found
[ 63.358478][ T7542] device hsr_slave_0 entered promiscuous mode
[ 63.417321][ T7542] device hsr_slave_1 entered promiscuous mode
[ 63.459025][ T7550] chnl_net:caif_netlink_parms(): no params data found
[ 63.506048][ T7542] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.513237][ T7542] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 63.521089][ T7542] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.528185][ T7542] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 63.551143][ T7546] chnl_net:caif_netlink_parms(): no params data found
[ 63.586979][ T7546] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.594044][ T7546] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.601790][ T7546] device bridge_slave_0 entered promiscuous mode
[ 63.652056][ T7550] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.659258][ T7550] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.667097][ T7550] device bridge_slave_0 entered promiscuous mode
[ 63.674185][ T7545] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.681304][ T7545] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.689110][ T7545] device bridge_slave_0 entered promiscuous mode
[ 63.705272][ T7551] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.712511][ T7551] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.720296][ T7551] device bridge_slave_0 entered promiscuous mode
[ 63.729469][ T7551] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.736547][ T7551] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.744478][ T7551] device bridge_slave_1 entered promiscuous mode
[ 63.751901][ T7550] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.759042][ T7550] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.766808][ T7550] device bridge_slave_1 entered promiscuous mode
[ 63.784190][ T7551] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 63.792574][ T7546] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.799697][ T7546] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.807794][ T7546] device bridge_slave_1 entered promiscuous mode
[ 63.814552][ T7545] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.821816][ T7545] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.829624][ T7545] device bridge_slave_1 entered promiscuous mode
[ 63.848277][ T7551] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 63.862467][ T7546] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 63.876206][ T7546] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 63.890365][ T7548] chnl_net:caif_netlink_parms(): no params data found
[ 63.913934][ T7550] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 63.940839][ T7551] team0: Port device team_slave_0 added
[ 63.947763][ T7551] team0: Port device team_slave_1 added
[ 63.960333][ T7545] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 63.970146][ T7550] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 63.993780][ T7546] team0: Port device team_slave_0 added
[ 64.002430][ T17] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.011661][ T17] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.025048][ T7545] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 64.043011][ T7548] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.050220][ T7548] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.058642][ T7548] device bridge_slave_0 entered promiscuous mode
[ 64.066545][ T7546] team0: Port device team_slave_1 added
[ 64.072456][ T7548] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.079864][ T7548] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.087672][ T7548] device bridge_slave_1 entered promiscuous mode
[ 64.119963][ T7550] team0: Port device team_slave_0 added
[ 64.127045][ T7550] team0: Port device team_slave_1 added
[ 64.134626][ T7545] team0: Port device team_slave_0 added
[ 64.188400][ T7551] device hsr_slave_0 entered promiscuous mode
[ 64.237405][ T7551] device hsr_slave_1 entered promiscuous mode
[ 64.339278][ T7546] device hsr_slave_0 entered promiscuous mode
[ 64.377302][ T7546] device hsr_slave_1 entered promiscuous mode
[ 64.423764][ T7548] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 64.432965][ T7545] team0: Port device team_slave_1 added
[ 64.439698][ T7548] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 64.479276][ T7550] device hsr_slave_0 entered promiscuous mode
[ 64.517270][ T7550] device hsr_slave_1 entered promiscuous mode
[ 64.575246][ T7542] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.598999][ T7548] team0: Port device team_slave_0 added
[ 64.615670][ T7548] team0: Port device team_slave_1 added
[ 64.669581][ T7545] device hsr_slave_0 entered promiscuous mode
[ 64.737220][ T7545] device hsr_slave_1 entered promiscuous mode
[ 64.829371][ T7548] device hsr_slave_0 entered promiscuous mode
[ 64.867299][ T7548] device hsr_slave_1 entered promiscuous mode
[ 64.933876][ T7542] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.977906][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 64.986226][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.018257][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 65.026719][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.035551][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.042633][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.050229][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 65.058784][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.067117][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.074178][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.081875][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 65.090381][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 65.099049][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 65.107432][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.115630][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 65.124155][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.132671][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.156589][ T7551] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.163827][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 65.172516][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.203934][ T7551] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.213117][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 65.220857][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.235025][ T7550] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.241975][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 65.250464][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 65.265244][ T7546] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.279441][ T7542] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 65.289748][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 65.298434][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.306816][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.313932][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.322975][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 65.330711][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.338304][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 65.346727][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.355047][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.362105][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.371672][ T7546] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.394522][ T7550] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.404221][ T7548] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.434669][ T7548] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.444590][ T7545] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.473256][ T7542] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.482142][ T7545] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.494168][ T7548] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 65.504883][ T7548] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 65.518103][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 65.525947][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 65.534646][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 65.543201][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 65.550898][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.558595][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 65.567200][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.575476][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 65.584045][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.592314][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 65.600027][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.607661][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 65.616016][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.624264][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 65.632838][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.641219][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.648293][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.655785][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 65.664542][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.672922][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.679996][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.687532][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 65.696088][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.704477][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.711556][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.719119][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 65.727800][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 65.736268][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 65.744988][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.753286][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 65.761890][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.770270][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.777341][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.784839][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 65.793459][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.801878][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 65.810816][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.819231][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.826279][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.833812][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 65.842419][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 65.850124][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.857826][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 65.866164][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.874702][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 65.882991][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 65.891239][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 65.905901][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.913749][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 65.922091][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 65.930839][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.938594][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 65.946410][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 65.954089][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 65.962708][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.971176][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.978279][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.985805][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 65.998178][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 66.006540][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 66.027948][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 66.036429][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 66.045099][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 66.053395][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 66.062651][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 66.071127][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 66.079397][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 66.098483][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 66.106293][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 66.114980][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 66.126398][ T7548] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 66.144026][ T7550] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 66.155770][ T7550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 66.163511][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 66.171637][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 66.180241][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 66.188594][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.195637][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.203168][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 66.211477][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 66.235883][ T7550] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 66.250424][ T7546] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 66.260841][ T7546] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 66.277403][ T7551] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 66.311586][ T7545] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 66.322319][ T7545] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 66.331750][ T7570] ==================================================================
[ 66.340806][ T7570] BUG: KASAN: slab-out-of-bounds in do_jit.isra.2+0x44c6/0x5770
[ 66.348434][ T7570] Read of size 4 at addr ffff888089a42cfc by task syz-executor.2/7570
[ 66.356576][ T7570]
[ 66.358898][ T7570] CPU: 1 PID: 7570 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #1
[ 66.366685][ T7570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.376753][ T7570] Call Trace:
[ 66.380042][ T7570] dump_stack+0x115/0x167
[ 66.384352][ T7570] print_address_description.cold.5+0x9/0x1ff
[ 66.390394][ T7570] ? do_jit.isra.2+0x44c6/0x5770
[ 66.395324][ T7570] __kasan_report.cold.6+0x1b/0x39
[ 66.400415][ T7570] ? do_jit.isra.2+0x44c6/0x5770
[ 66.405335][ T7570] ? __kprobes_text_end+0x1caca8/0x1caca8
[ 66.411043][ T7570] ? do_jit.isra.2+0x44c6/0x5770
[ 66.415952][ T7570] kasan_report+0x12/0x20
[ 66.420254][ T7570] __asan_report_load4_noabort+0x14/0x20
[ 66.425858][ T7570] do_jit.isra.2+0x44c6/0x5770
[ 66.430613][ T7570] ? mark_held_locks+0x130/0x130
[ 66.435542][ T7570] ? debug_check_no_obj_freed+0x1ff/0x472
[ 66.441244][ T7570] ? lock_downgrade+0x860/0x860
[ 66.446066][ T7570] ? jit_fill_hole+0x20/0x20
[ 66.450658][ T7570] ? fault_create_debugfs_attr+0x1a0/0x1a0
[ 66.456454][ T7570] ? kasan_unpoison_shadow+0x35/0x50
[ 66.461728][ T7570] ? rcu_read_lock_sched_held+0x108/0x120
[ 66.467425][ T7570] ? __kmalloc+0x5d0/0x740
[ 66.471838][ T7570] ? kmem_cache_alloc_trace+0x336/0x730
[ 66.477372][ T7570] ? bpf_int_jit_compile+0x723/0xb21
[ 66.482628][ T7570] bpf_int_jit_compile+0x302/0xb21
[ 66.487712][ T7570] ? do_jit.isra.2+0x5770/0x5770
[ 66.492622][ T7570] ? bpf_prog_load+0xa41/0x1200
[ 66.497466][ T7570] ? lockdep_hardirqs_on+0x424/0x5c0
[ 66.502722][ T7570] ? ktime_get_with_offset+0x1f4/0x2a0
[ 66.508157][ T7570] ? __bpf_prog_run64+0xd0/0xd0
[ 66.512979][ T7570] bpf_prog_select_runtime+0x43e/0x850
[ 66.518410][ T7570] ? bpf_obj_name_cpy+0x2b/0x220
[ 66.523353][ T7570] bpf_prog_load+0xaeb/0x1200
[ 66.528035][ T7570] ? bpf_prog_new_fd+0x30/0x30
[ 66.532794][ T7570] ? find_held_lock+0x36/0x1d0
[ 66.537539][ T7570] ? kasan_check_write+0x14/0x20
[ 66.542455][ T7570] __do_sys_bpf+0x90a/0x3330
[ 66.547027][ T7570] ? bpf_prog_load+0x1200/0x1200
[ 66.551952][ T7570] ? mark_held_locks+0x130/0x130
[ 66.556884][ T7570] ? find_held_lock+0x36/0x1d0
[ 66.561633][ T7570] ? __might_fault+0xf1/0x1b0
[ 66.566285][ T7570] ? lock_downgrade+0x860/0x860
[ 66.571115][ T7570] ? kasan_check_read+0x11/0x20
[ 66.575943][ T7570] ? _copy_to_user+0x91/0xb0
[ 66.580516][ T7570] ? put_timespec64+0xa9/0x100
[ 66.585257][ T7570] ? nsecs_to_jiffies+0x20/0x20
[ 66.590134][ T7570] ? do_syscall_64+0x21/0x530
[ 66.594799][ T7570] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.600847][ T7570] __x64_sys_bpf+0x6e/0xb0
[ 66.605239][ T7570] do_syscall_64+0xd0/0x530
[ 66.609721][ T7570] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.615590][ T7570] RIP: 0033:0x459819
[ 66.619461][ T7570] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 66.639067][ T7570] RSP: 002b:00007fb097662c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 66.647484][ T7570] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819
[ 66.655437][ T7570] RDX: 0000000000000046 RSI: 0000000020000180 RDI: 0000000000000005
[ 66.663388][ T7570] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 66.671340][ T7570] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb0976636d4
[ 66.679315][ T7570] R13: 00000000004bfc7c R14: 00000000004d16d8 R15: 00000000ffffffff
[ 66.687295][ T7570]
[ 66.689602][ T7570] Allocated by task 7294:
[ 66.693907][ T7570] save_stack+0x21/0x90
[ 66.698032][ T7570] __kasan_kmalloc.constprop.8+0xc7/0xd0
[ 66.703666][ T7570] kasan_kmalloc+0x9/0x10
[ 66.707997][ T7570] __kmalloc+0x15d/0x740
[ 66.712210][ T7570] tomoyo_encode2.part.2+0x97/0x360
[ 66.717376][ T7570] tomoyo_encode+0x1c/0x30
[ 66.721762][ T7570] tomoyo_realpath_from_path+0x168/0x790
[ 66.727362][ T7570] tomoyo_path_perm+0x203/0x380
[ 66.732185][ T7570] tomoyo_inode_getattr+0x13/0x20
[ 66.737180][ T7570] security_inode_getattr+0xb0/0x100
[ 66.742442][ T7570] vfs_getattr+0x1c/0x40
[ 66.746652][ T7570] vfs_statx+0xd8/0x150
[ 66.750775][ T7570] __do_sys_newfstatat+0x7d/0xd0
[ 66.755683][ T7570] __x64_sys_newfstatat+0x92/0xf0
[ 66.760707][ T7570] do_syscall_64+0xd0/0x530
[ 66.765192][ T7570] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.771065][ T7570]
[ 66.773362][ T7570] Freed by task 7294:
[ 66.777311][ T7570] save_stack+0x21/0x90
[ 66.781433][ T7570] __kasan_slab_free+0x102/0x150
[ 66.786341][ T7570] kasan_slab_free+0xe/0x10
[ 66.790817][ T7570] kfree+0xcf/0x210
[ 66.794598][ T7570] tomoyo_path_perm+0x218/0x380
[ 66.799422][ T7570] tomoyo_inode_getattr+0x13/0x20
[ 66.804428][ T7570] security_inode_getattr+0xb0/0x100
[ 66.809684][ T7570] vfs_getattr+0x1c/0x40
[ 66.813956][ T7570] vfs_statx+0xd8/0x150
[ 66.818100][ T7570] __do_sys_newfstatat+0x7d/0xd0
[ 66.823015][ T7570] __x64_sys_newfstatat+0x92/0xf0
[ 66.828038][ T7570] do_syscall_64+0xd0/0x530
[ 66.832514][ T7570] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.838375][ T7570]
[ 66.840689][ T7570] The buggy address belongs to the object at ffff888089a42cc0
[ 66.840689][ T7570] which belongs to the cache kmalloc-32 of size 32
[ 66.854544][ T7570] The buggy address is located 28 bytes to the right of
[ 66.854544][ T7570] 32-byte region [ffff888089a42cc0, ffff888089a42ce0)
[ 66.868135][ T7570] The buggy address belongs to the page:
[ 66.873740][ T7570] page:ffffea0002269080 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff888089a42fc1
[ 66.884122][ T7570] flags: 0x1fffc0000000200(slab)
[ 66.889034][ T7570] raw: 01fffc0000000200 ffffea0002a56b48 ffffea00027ea408 ffff8880aa4001c0
[ 66.897620][ T7570] raw: ffff888089a42fc1 ffff888089a42000 000000010000003f 0000000000000000
[ 66.906195][ T7570] page dumped because: kasan: bad access detected
[ 66.912598][ T7570]
[ 66.914900][ T7570] Memory state around the buggy address:
[ 66.920506][ T7570]  ffff888089a42b80: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc
[ 66.928971][ T7570]  ffff888089a42c00: 00 00 06 fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 66.937013][ T7570] >ffff888089a42c80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 66.945051][ T7570]                                                                 ^
[ 66.953130][ T7570]  ffff888089a42d00: 00 00 fc fc fc fc fc fc 00 00 00 00 fc fc fc fc
[ 66.961174][ T7570]  ffff888089a42d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 66.969217][ T7570] ==================================================================
[ 66.977256][ T7570] Disabling lock debugging due to kernel taint
[ 66.987729][ T7570] Kernel panic - not syncing: panic_on_warn set ...
[ 66.994344][ T7570] CPU: 1 PID: 7570 Comm: syz-executor.2 Tainted: G B 5.2.0-rc2+ #1
[ 67.006484][ T7570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.016543][ T7570] Call Trace:
[ 67.019813][ T7570] dump_stack+0x115/0x167
[ 67.024117][ T7570] ? do_jit.isra.2+0x4430/0x5770
[ 67.029032][ T7570] panic+0x212/0x4cb
[ 67.032900][ T7570] ? __warn_printk+0xd6/0xd6
[ 67.037468][ T7570] ? do_raw_spin_unlock+0x54/0x260
[ 67.042551][ T7570] ? do_raw_spin_unlock+0x54/0x260
[ 67.047635][ T7570] ? do_jit.isra.2+0x44c6/0x5770
[ 67.052549][ T7570] end_report+0x47/0x4f
[ 67.056682][ T7570] __kasan_report.cold.6+0xe/0x39
[ 67.061706][ T7570] ? do_jit.isra.2+0x44c6/0x5770
[ 67.066648][ T7570] ? __kprobes_text_end+0x1caca8/0x1caca8
[ 67.072449][ T7570] ? do_jit.isra.2+0x44c6/0x5770
[ 67.080930][ T7570] kasan_report+0x12/0x20
[ 67.085235][ T7570] __asan_report_load4_noabort+0x14/0x20
[ 67.090988][ T7570] do_jit.isra.2+0x44c6/0x5770
[ 67.095746][ T7570] ? mark_held_locks+0x130/0x130
[ 67.100677][ T7570] ? debug_check_no_obj_freed+0x1ff/0x472
[ 67.106387][ T7570] ? lock_downgrade+0x860/0x860
[ 67.111245][ T7570] ? jit_fill_hole+0x20/0x20
[ 67.115829][ T7570] ? fault_create_debugfs_attr+0x1a0/0x1a0
[ 67.121623][ T7570] ? kasan_unpoison_shadow+0x35/0x50
[ 67.126897][ T7570] ? rcu_read_lock_sched_held+0x108/0x120
[ 67.132623][ T7570] ? __kmalloc+0x5d0/0x740
[ 67.137032][ T7570] ? kmem_cache_alloc_trace+0x336/0x730
[ 67.142571][ T7570] ? bpf_int_jit_compile+0x723/0xb21
[ 67.147850][ T7570] bpf_int_jit_compile+0x302/0xb21
[ 67.152956][ T7570] ? do_jit.isra.2+0x5770/0x5770
[ 67.157886][ T7570] ? bpf_prog_load+0xa41/0x1200
[ 67.162729][ T7570] ? lockdep_hardirqs_on+0x424/0x5c0
[ 67.168001][ T7570] ? ktime_get_with_offset+0x1f4/0x2a0
[ 67.173468][ T7570] ? __bpf_prog_run64+0xd0/0xd0
[ 67.178308][ T7570] bpf_prog_select_runtime+0x43e/0x850
[ 67.183756][ T7570] ? bpf_obj_name_cpy+0x2b/0x220
[ 67.188683][ T7570] bpf_prog_load+0xaeb/0x1200
[ 67.193346][ T7570] ? bpf_prog_new_fd+0x30/0x30
[ 67.198178][ T7570] ? find_held_lock+0x36/0x1d0
[ 67.202948][ T7570] ? kasan_check_write+0x14/0x20
[ 67.207877][ T7570] __do_sys_bpf+0x90a/0x3330
[ 67.212482][ T7570] ? bpf_prog_load+0x1200/0x1200
[ 67.217407][ T7570] ? mark_held_locks+0x130/0x130
[ 67.222329][ T7570] ? find_held_lock+0x36/0x1d0
[ 67.227076][ T7570] ? __might_fault+0xf1/0x1b0
[ 67.231733][ T7570] ? lock_downgrade+0x860/0x860
[ 67.236566][ T7570] ? kasan_check_read+0x11/0x20
[ 67.241488][ T7570] ? _copy_to_user+0x91/0xb0
[ 67.246062][ T7570] ? put_timespec64+0xa9/0x100
[ 67.250836][ T7570] ? nsecs_to_jiffies+0x20/0x20
[ 67.255691][ T7570] ? do_syscall_64+0x21/0x530
[ 67.260360][ T7570] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 67.266415][ T7570] __x64_sys_bpf+0x6e/0xb0
[ 67.270908][ T7570] do_syscall_64+0xd0/0x530
[ 67.275401][ T7570] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 67.281422][ T7570] RIP: 0033:0x459819
[ 67.285416][ T7570] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 67.306168][ T7570] RSP: 002b:00007fb097662c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 67.315386][ T7570] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819
[ 67.323829][ T7570] RDX: 0000000000000046 RSI: 0000000020000180 RDI: 0000000000000005
[ 67.332110][ T7570] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 67.340565][ T7570] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb0976636d4
[ 67.349141][ T7570] R13: 00000000004bfc7c R14: 00000000004d16d8 R15: 00000000ffffffff
[ 67.358639][ T7570] Kernel Offset: disabled
[ 67.363010][ T7570] Rebooting in 86400 seconds..