[....] Starting enhanced syslogd: rsyslogd [ ok ].
[   55.941539][   T26] audit: type=1800 audit(1569717797.988:25): pid=8458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   55.983828][   T26] audit: type=1800 audit(1569717797.988:26): pid=8458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   56.028724][   T26] audit: type=1800 audit(1569717797.988:27): pid=8458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   74.767377][ T8612] ==================================================================
[   74.775637][ T8612] BUG: KASAN: slab-out-of-bounds in bpf_prog_create+0xe9/0x250
[   74.783189][ T8612] Read of size 32768 at addr ffff888091bc6000 by task syz-executor090/8612
[   74.791897][ T8612]
[   74.794212][ T8612] CPU: 1 PID: 8612 Comm: syz-executor090 Not tainted 5.3.0-next-20190926 #0
[   74.802865][ T8612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   74.812911][ T8612] Call Trace:
[   74.816194][ T8612]  dump_stack+0x172/0x1f0
[   74.820513][ T8612]  ? bpf_prog_create+0xe9/0x250
[   74.825359][ T8612]  print_address_description.constprop.0.cold+0xd4/0x30b
[   74.832361][ T8612]  ? bpf_prog_create+0xe9/0x250
[   74.837193][ T8612]  ? bpf_prog_create+0xe9/0x250
[   74.842036][ T8612]  __kasan_report.cold+0x1b/0x41
[   74.846960][ T8612]  ? find_next_bit+0xf0/0x130
[   74.851624][ T8612]  ? bpf_prog_create+0xe9/0x250
[   74.856454][ T8612]  kasan_report+0x12/0x20
[   74.860762][ T8612]  check_memory_region+0x134/0x1a0
[   74.865861][ T8612]  memcpy+0x24/0x50
[   74.869662][ T8612]  bpf_prog_create+0xe9/0x250
[   74.874321][ T8612]  get_filter.isra.0+0x108/0x1a0
[   74.879241][ T8612]  ? ppp_push+0x1290/0x1290
[   74.883729][ T8612]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   74.889962][ T8612]  ? _copy_from_user+0x12c/0x1a0
[   74.894880][ T8612]  ppp_ioctl+0x129d/0x2590
[   74.899291][ T8612]  ? ppp_nl_newlink+0x2a0/0x2a0
[   74.904124][ T8612]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   74.910357][ T8612]  ? ppp_nl_newlink+0x2a0/0x2a0
[   74.915189][ T8612]  do_vfs_ioctl+0xdb6/0x13e0
[   74.919773][ T8612]  ? compat_ioctl_preallocate+0x210/0x210
[   74.925474][ T8612]  ? perf_trace_initcall_level+0x174/0x420
[   74.931280][ T8612]  ? putname+0xf4/0x130
[   74.935418][ T8612]  ? do_sys_open+0x31d/0x5d0
[   74.940001][ T8612]  ? tomoyo_file_ioctl+0x23/0x30
[   74.944919][ T8612]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   74.951154][ T8612]  ? security_file_ioctl+0x8d/0xc0
[   74.956247][ T8612]  ksys_ioctl+0xab/0xd0
[   74.960383][ T8612]  __x64_sys_ioctl+0x73/0xb0
[   74.964963][ T8612]  do_syscall_64+0xfa/0x760
[   74.969449][ T8612]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   74.975317][ T8612] RIP: 0033:0x4401a9
[   74.979215][ T8612] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   74.998799][ T8612] RSP: 002b:00007ffcb9965988 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   75.007202][ T8612] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401a9
[   75.015176][ T8612] RDX: 00000000200000c0 RSI: 0000000040107447 RDI: 0000000000000003
[   75.023126][ T8612] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   75.031076][ T8612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a30
[   75.039039][ T8612] R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000
[   75.047003][ T8612]
[   75.049312][ T8612] Allocated by task 8612:
[   75.053624][ T8612]  save_stack+0x23/0x90
[   75.057757][ T8612]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   75.063365][ T8612]  kasan_kmalloc+0x9/0x10
[   75.067685][ T8612]  __kmalloc_track_caller+0x15f/0x760
[   75.073148][ T8612]  memdup_user+0x26/0xb0
[   75.077376][ T8612]  get_filter.isra.0+0xd7/0x1a0
[   75.082209][ T8612]  ppp_ioctl+0x129d/0x2590
[   75.086606][ T8612]  do_vfs_ioctl+0xdb6/0x13e0
[   75.091201][ T8612]  ksys_ioctl+0xab/0xd0
[   75.095340][ T8612]  __x64_sys_ioctl+0x73/0xb0
[   75.099926][ T8612]  do_syscall_64+0xfa/0x760
[   75.104411][ T8612]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   75.110277][ T8612]
[   75.112588][ T8612] Freed by task 0:
[   75.116301][ T8612] (stack is not available)
[   75.120688][ T8612]
[   75.123011][ T8612] The buggy address belongs to the object at ffff888091bc6000
[   75.123011][ T8612]  which belongs to the cache kmalloc-4k of size 4096
[   75.137043][ T8612] The buggy address is located 0 bytes inside of
[   75.137043][ T8612]  4096-byte region [ffff888091bc6000, ffff888091bc7000)
[   75.150200][ T8612] The buggy address belongs to the page:
[   75.155812][ T8612] page:ffffea000246f180 refcount:1 mapcount:0 mapping:ffff8880aa402000 index:0x0 compound_mapcount: 0
[   75.166721][ T8612] flags: 0x1fffc0000010200(slab|head)
[   75.172074][ T8612] raw: 01fffc0000010200 ffffea000260b208 ffffea00025a3008 ffff8880aa402000
[   75.180652][ T8612] raw: 0000000000000000 ffff888091bc6000 0000000100000001 0000000000000000
[   75.189235][ T8612] page dumped because: kasan: bad access detected
[   75.195620][ T8612]
[   75.197929][ T8612] Memory state around the buggy address:
[   75.203542][ T8612]  ffff888091bc6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   75.211584][ T8612]  ffff888091bc6f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   75.219680][ T8612] >ffff888091bc7000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.227739][ T8612]                    ^
[   75.231788][ T8612]  ffff888091bc7080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.239856][ T8612]  ffff888091bc7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.247896][ T8612] ==================================================================
[   75.255934][ T8612] Disabling lock debugging due to kernel taint
[   75.262888][ T8612] Kernel panic - not syncing: panic_on_warn set ...
[   75.269494][ T8612] CPU: 1 PID: 8612 Comm: syz-executor090 Tainted: G    B             5.3.0-next-20190926 #0
[   75.279538][ T8612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   75.289583][ T8612] Call Trace:
[   75.292854][ T8612]  dump_stack+0x172/0x1f0
[   75.297171][ T8612]  panic+0x2dc/0x755
[   75.301046][ T8612]  ? add_taint.cold+0x16/0x16
[   75.305701][ T8612]  ? bpf_prog_create+0xe9/0x250
[   75.310529][ T8612]  ? preempt_schedule+0x4b/0x60
[   75.315356][ T8612]  ? ___preempt_schedule+0x16/0x20
[   75.320444][ T8612]  ? trace_hardirqs_on+0x5e/0x240
[   75.325444][ T8612]  ? bpf_prog_create+0xe9/0x250
[   75.330270][ T8612]  end_report+0x47/0x4f
[   75.334414][ T8612]  ? bpf_prog_create+0xe9/0x250
[   75.339253][ T8612]  __kasan_report.cold+0xe/0x41
[   75.344095][ T8612]  ? find_next_bit+0xf0/0x130
[   75.348745][ T8612]  ? bpf_prog_create+0xe9/0x250
[   75.353586][ T8612]  kasan_report+0x12/0x20
[   75.357894][ T8612]  check_memory_region+0x134/0x1a0
[   75.362980][ T8612]  memcpy+0x24/0x50
[   75.366764][ T8612]  bpf_prog_create+0xe9/0x250
[   75.371418][ T8612]  get_filter.isra.0+0x108/0x1a0
[   75.376330][ T8612]  ? ppp_push+0x1290/0x1290
[   75.380813][ T8612]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   75.387058][ T8612]  ? _copy_from_user+0x12c/0x1a0
[   75.391992][ T8612]  ppp_ioctl+0x129d/0x2590
[   75.396390][ T8612]  ? ppp_nl_newlink+0x2a0/0x2a0
[   75.401240][ T8612]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   75.407458][ T8612]  ? ppp_nl_newlink+0x2a0/0x2a0
[   75.412284][ T8612]  do_vfs_ioctl+0xdb6/0x13e0
[   75.416851][ T8612]  ? compat_ioctl_preallocate+0x210/0x210
[   75.422564][ T8612]  ? perf_trace_initcall_level+0x174/0x420
[   75.428434][ T8612]  ? putname+0xf4/0x130
[   75.432582][ T8612]  ? do_sys_open+0x31d/0x5d0
[   75.437159][ T8612]  ? tomoyo_file_ioctl+0x23/0x30
[   75.442076][ T8612]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   75.448292][ T8612]  ? security_file_ioctl+0x8d/0xc0
[   75.453380][ T8612]  ksys_ioctl+0xab/0xd0
[   75.457514][ T8612]  __x64_sys_ioctl+0x73/0xb0
[   75.462089][ T8612]  do_syscall_64+0xfa/0x760
[   75.466571][ T8612]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   75.472436][ T8612] RIP: 0033:0x4401a9
[   75.476323][ T8612] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   75.495920][ T8612] RSP: 002b:00007ffcb9965988 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   75.504319][ T8612] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401a9
[   75.512269][ T8612] RDX: 00000000200000c0 RSI: 0000000040107447 RDI: 0000000000000003
[   75.520230][ T8612] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   75.528190][ T8612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a30
[   75.536144][ T8612] R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000
[   75.545308][ T8612] Kernel Offset: disabled
[   75.549636][ T8612] Rebooting in 86400 seconds..
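Reading the numbers out of this report, as an added example that is not part of the syzbot report or of the kernel: the ioctl that reached ppp_ioctl() is in RSI (the x86-64 syscall ABI passes the second argument there), 0x40107447, which decodes to _IOW('t', 71, 16-byte argument), i.e. PPPIOCSPASS from include/uapi/linux/ppp-ioctl.h; RDI=3 is the file descriptor and RDX=0x200000c0 the user pointer to its struct sock_fprog. KASAN says memcpy() in bpf_prog_create() read 32768 bytes from a 4096-byte kmalloc-4k object that get_filter() had obtained through memdup_user(), so 28672 bytes were read past its end. The C helper below decodes the ioctl number and parses those KASAN lines; the _IOC field layout and the PPPIOC* values follow the UAPI headers, and the 8-byte struct sock_filter size is an assumption stated in the code.

```c
/* Added triage helper for the syzbot report above; it is not part of the report
 * or of the kernel.  It decodes the ioctl number from the register dump (the
 * x86-64 syscall ABI passes ioctl's cmd in RSI) and turns the KASAN figures into
 * an overrun.  The _IOC layout and PPPIOC* values follow the Linux UAPI headers;
 * SOCK_FILTER_SIZE assumes the 8-byte struct sock_filter of <linux/filter.h>. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ioctl number layout (include/uapi/asm-generic/ioctl.h): nr:8 type:8 size:14 dir:2 */
#define IOC_TYPESHIFT    8
#define IOC_SIZESHIFT    16
#define IOC_DIRSHIFT     30
#define IOC_WRITE        1U
#define SOCK_FILTER_SIZE 8   /* u16 code, u8 jt, u8 jf, u32 k */

struct ioc_fields { unsigned dir, type, nr, size; };

static struct ioc_fields ioc_decode(uint32_t cmd)
{
    struct ioc_fields f;
    f.nr   = cmd & 0xffU;
    f.type = (cmd >> IOC_TYPESHIFT) & 0xffU;
    f.size = (cmd >> IOC_SIZESHIFT) & 0x3fffU;
    f.dir  = (cmd >> IOC_DIRSHIFT) & 3U;
    return f;
}

/* include/uapi/linux/ppp-ioctl.h: PPPIOCSPASS = _IOW('t', 71, struct sock_fprog),
 * PPPIOCSACTIVE = _IOW('t', 70, struct sock_fprog); sock_fprog is 16 bytes on x86-64. */
static const char *ppp_filter_ioctl_name(uint32_t cmd)
{
    struct ioc_fields f = ioc_decode(cmd);
    if (f.dir != IOC_WRITE || f.type != 't' || f.size != 16)
        return "not a ppp filter ioctl";
    if (f.nr == 71) return "PPPIOCSPASS";
    if (f.nr == 70) return "PPPIOCSACTIVE";
    return "not a ppp filter ioctl";
}

struct oob_summary {
    unsigned long long addr, size;        /* faulting access */
    unsigned long long obj, objsize;      /* slab object it landed in */
    unsigned long long overrun;           /* bytes read past the object's end */
    unsigned long long insns_alloc, insns_read;  /* sizes in sock_filter units */
};

/* Pull the four numbers out of a KASAN report.  Returns 1 on success, 0 if a
 * line is missing or the access does not actually run past the object. */
static int kasan_parse(const char *report, struct oob_summary *s)
{
    const char *p;
    memset(s, 0, sizeof(*s));
    p = strstr(report, "Read of size ");
    if (!p || sscanf(p, "Read of size %llu at addr %llx", &s->size, &s->addr) != 2)
        return 0;
    p = strstr(report, "belongs to the object at ");
    if (!p || sscanf(p, "belongs to the object at %llx", &s->obj) != 1)
        return 0;
    p = strstr(p, "of size ");            /* the "cache ... of size N" line after it */
    if (!p || sscanf(p, "of size %llu", &s->objsize) != 1)
        return 0;
    if (s->addr + s->size <= s->obj + s->objsize)
        return 0;
    s->overrun     = (s->addr + s->size) - (s->obj + s->objsize);
    s->insns_alloc = s->objsize / SOCK_FILTER_SIZE;
    s->insns_read  = s->size / SOCK_FILTER_SIZE;
    return 1;
}

/* Bytes read past the object, or 0 when the report does not parse as an overrun. */
static unsigned long long kasan_overrun_bytes(const char *report)
{
    struct oob_summary s;
    return kasan_parse(report, &s) ? s.overrun : 0;
}

/* The lines the parser needs, copied from the report above. */
static const char kasan_report_excerpt[] =
    "BUG: KASAN: slab-out-of-bounds in bpf_prog_create+0xe9/0x250\n"
    "Read of size 32768 at addr ffff888091bc6000 by task syz-executor090/8612\n"
    "The buggy address belongs to the object at ffff888091bc6000\n"
    " which belongs to the cache kmalloc-4k of size 4096\n";

int main(void)
{
    uint32_t cmd = 0x40107447;   /* RSI in the register dump above */
    struct ioc_fields f = ioc_decode(cmd);
    struct oob_summary s;

    printf("ioctl 0x%08x: dir=%u type='%c' nr=%u size=%u -> %s\n", (unsigned)cmd,
           f.dir, f.type, f.nr, f.size, ppp_filter_ioctl_name(cmd));
    if (kasan_parse(kasan_report_excerpt, &s))
        printf("memcpy of %llu bytes from a %llu-byte object: %llu bytes past the end"
               " (%llu insns copied, %llu allocated)\n", s.size, s.objsize,
               s.overrun, s.insns_read, s.insns_alloc);
    return 0;
}
```

The arithmetic the helper prints is worth a second look: a 4096-byte object holds 512 sock_filter instructions, while the copy asked for 4096 of them, a factor of exactly sizeof(struct sock_filter). That ratio is consistent with a byte count being handed to bpf_prog_create() where it expects an instruction count, but that is an inference from the numbers, not something the log proves; confirming it needs the get_filter() source at this linux-next tag. The "Freed by task 0: (stack is not available)" block is expected for a live object and does not indicate a use-after-free.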