[ ok ] Starting enhanced syslogd: rsyslogd.
[ 53.598437][ T26] audit: type=1800 audit(1568645698.789:25): pid=8422 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 53.628282][ T26] audit: type=1800 audit(1568645698.789:26): pid=8422 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 53.682408][ T26] audit: type=1800 audit(1568645698.789:27): pid=8422 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.231' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 64.192875][ T8575] ==================================================================
[ 64.201090][ T8575] BUG: KASAN: slab-out-of-bounds in bpf_prog_create+0xe9/0x250
[ 64.208635][ T8575] Read of size 32768 at addr ffff88809cf74000 by task syz-executor183/8575
[ 64.217205][ T8575]
[ 64.219514][ T8575] CPU: 0 PID: 8575 Comm: syz-executor183 Not tainted 5.3.0-rc8-next-20190915 #0
[ 64.228503][ T8575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.238574][ T8575] Call Trace:
[ 64.241850][ T8575] dump_stack+0x172/0x1f0
[ 64.246155][ T8575] ? bpf_prog_create+0xe9/0x250
[ 64.250986][ T8575] print_address_description.constprop.0.cold+0xd4/0x30b
[ 64.257985][ T8575] ? bpf_prog_create+0xe9/0x250
[ 64.262807][ T8575] ? bpf_prog_create+0xe9/0x250
[ 64.267631][ T8575] __kasan_report.cold+0x1b/0x41
[ 64.272546][ T8575] ? find_next_bit+0x100/0x130
[ 64.277281][ T8575] ? bpf_prog_create+0xe9/0x250
[ 64.282121][ T8575] kasan_report+0x12/0x20
[ 64.286427][ T8575] check_memory_region+0x134/0x1a0
[ 64.291514][ T8575] memcpy+0x24/0x50
[ 64.295295][ T8575] bpf_prog_create+0xe9/0x250
[ 64.299962][ T8575] get_filter.isra.0+0x108/0x1a0
[ 64.304902][ T8575] ? ppp_push+0x1290/0x1290
[ 64.309386][ T8575] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 64.315601][ T8575] ? _copy_from_user+0x12c/0x1a0
[ 64.320517][ T8575] ppp_ioctl+0x129d/0x2590
[ 64.324941][ T8575] ? ppp_nl_newlink+0x2a0/0x2a0
[ 64.329769][ T8575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 64.335982][ T8575] ? ppp_nl_newlink+0x2a0/0x2a0
[ 64.340807][ T8575] do_vfs_ioctl+0xdb6/0x13e0
[ 64.345371][ T8575] ? compat_ioctl_preallocate+0x210/0x210
[ 64.351066][ T8575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 64.357277][ T8575] ? debug_smp_processor_id+0x3c/0x214
[ 64.362713][ T8575] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 64.368845][ T8575] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.374368][ T8575] ? tomoyo_file_ioctl+0x23/0x30
[ 64.379282][ T8575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 64.385511][ T8575] ? security_file_ioctl+0x8d/0xc0
[ 64.390605][ T8575] ksys_ioctl+0xab/0xd0
[ 64.394737][ T8575] __x64_sys_ioctl+0x73/0xb0
[ 64.399324][ T8575] do_syscall_64+0xfa/0x760
[ 64.403806][ T8575] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.409673][ T8575] RIP: 0033:0x4401a9
[ 64.413541][ T8575] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.433117][ T8575] RSP: 002b:00007ffebb37d0a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 64.441517][ T8575] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401a9
[ 64.449462][ T8575] RDX: 00000000200000c0 RSI: 0000000040107447 RDI: 0000000000000003
[ 64.457420][ T8575] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 64.465364][ T8575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a30
[ 64.473431][ T8575] R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000
[ 64.481384][ T8575]
[ 64.483687][ T8575] Allocated by task 8575:
[ 64.487992][ T8575] save_stack+0x23/0x90
[ 64.492120][ T8575] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 64.497737][ T8575] kasan_kmalloc+0x9/0x10
[ 64.502039][ T8575] __kmalloc_track_caller+0x15f/0x760
[ 64.507385][ T8575] memdup_user+0x26/0xb0
[ 64.511606][ T8575] get_filter.isra.0+0xd7/0x1a0
[ 64.516452][ T8575] ppp_ioctl+0x129d/0x2590
[ 64.520845][ T8575] do_vfs_ioctl+0xdb6/0x13e0
[ 64.525405][ T8575] ksys_ioctl+0xab/0xd0
[ 64.529545][ T8575] __x64_sys_ioctl+0x73/0xb0
[ 64.534127][ T8575] do_syscall_64+0xfa/0x760
[ 64.538615][ T8575] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.544487][ T8575]
[ 64.546792][ T8575] Freed by task 0:
[ 64.550479][ T8575] (stack is not available)
[ 64.554862][ T8575]
[ 64.557164][ T8575] The buggy address belongs to the object at ffff88809cf74000
[ 64.557164][ T8575] which belongs to the cache kmalloc-4k of size 4096
[ 64.571204][ T8575] The buggy address is located 0 bytes inside of
[ 64.571204][ T8575] 4096-byte region [ffff88809cf74000, ffff88809cf75000)
[ 64.584358][ T8575] The buggy address belongs to the page:
[ 64.589986][ T8575] page:ffffea000273dd00 refcount:1 mapcount:0 mapping:ffff8880aa402000 index:0x0 compound_mapcount: 0
[ 64.600887][ T8575] flags: 0x1fffc0000010200(slab|head)
[ 64.606249][ T8575] raw: 01fffc0000010200 ffffea0002672988 ffffea00027e7788 ffff8880aa402000
[ 64.614807][ T8575] raw: 0000000000000000 ffff88809cf74000 0000000100000001 0000000000000000
[ 64.623364][ T8575] page dumped because: kasan: bad access detected
[ 64.629746][ T8575]
[ 64.632049][ T8575] Memory state around the buggy address:
[ 64.637653][ T8575] ffff88809cf74f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.645686][ T8575] ffff88809cf74f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.653753][ T8575] >ffff88809cf75000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.661786][ T8575] ^
[ 64.665830][ T8575] ffff88809cf75080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.673877][ T8575] ffff88809cf75100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.681911][ T8575] ==================================================================
[ 64.689942][ T8575] Disabling lock debugging due to kernel taint
[ 64.696825][ T8575] Kernel panic - not syncing: panic_on_warn set ...
[ 64.703417][ T8575] CPU: 0 PID: 8575 Comm: syz-executor183 Tainted: G B 5.3.0-rc8-next-20190915 #0
[ 64.713791][ T8575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.724808][ T8575] Call Trace:
[ 64.728090][ T8575] dump_stack+0x172/0x1f0
[ 64.732407][ T8575] panic+0x2dc/0x755
[ 64.736274][ T8575] ? add_taint.cold+0x16/0x16
[ 64.740925][ T8575] ? bpf_prog_create+0xe9/0x250
[ 64.745750][ T8575] ? preempt_schedule+0x4b/0x60
[ 64.750599][ T8575] ? ___preempt_schedule+0x16/0x20
[ 64.755690][ T8575] ? trace_hardirqs_on+0x5e/0x240
[ 64.760700][ T8575] ? bpf_prog_create+0xe9/0x250
[ 64.765525][ T8575] end_report+0x47/0x4f
[ 64.769656][ T8575] ? bpf_prog_create+0xe9/0x250
[ 64.774477][ T8575] __kasan_report.cold+0xe/0x41
[ 64.779301][ T8575] ? find_next_bit+0x100/0x130
[ 64.784035][ T8575] ? bpf_prog_create+0xe9/0x250
[ 64.788868][ T8575] kasan_report+0x12/0x20
[ 64.793188][ T8575] check_memory_region+0x134/0x1a0
[ 64.798281][ T8575] memcpy+0x24/0x50
[ 64.802062][ T8575] bpf_prog_create+0xe9/0x250
[ 64.806713][ T8575] get_filter.isra.0+0x108/0x1a0
[ 64.811642][ T8575] ? ppp_push+0x1290/0x1290
[ 64.816128][ T8575] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 64.822339][ T8575] ? _copy_from_user+0x12c/0x1a0
[ 64.827260][ T8575] ppp_ioctl+0x129d/0x2590
[ 64.831651][ T8575] ? ppp_nl_newlink+0x2a0/0x2a0
[ 64.836494][ T8575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 64.842706][ T8575] ? ppp_nl_newlink+0x2a0/0x2a0
[ 64.847547][ T8575] do_vfs_ioctl+0xdb6/0x13e0
[ 64.852111][ T8575] ? compat_ioctl_preallocate+0x210/0x210
[ 64.857805][ T8575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 64.864032][ T8575] ? debug_smp_processor_id+0x3c/0x214
[ 64.869485][ T8575] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 64.875610][ T8575] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.881129][ T8575] ? tomoyo_file_ioctl+0x23/0x30
[ 64.886043][ T8575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 64.892268][ T8575] ? security_file_ioctl+0x8d/0xc0
[ 64.897360][ T8575] ksys_ioctl+0xab/0xd0
[ 64.901488][ T8575] __x64_sys_ioctl+0x73/0xb0
[ 64.906052][ T8575] do_syscall_64+0xfa/0x760
[ 64.910549][ T8575] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.916415][ T8575] RIP: 0033:0x4401a9
[ 64.920284][ T8575] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.939948][ T8575] RSP: 002b:00007ffebb37d0a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 64.948372][ T8575] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401a9
[ 64.956316][ T8575] RDX: 00000000200000c0 RSI: 0000000040107447 RDI: 0000000000000003
[ 64.964261][ T8575] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 64.972220][ T8575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a30
[ 64.980184][ T8575] R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000
[ 64.989472][ T8575] Kernel Offset: disabled
[ 64.993785][ T8575] Rebooting in 86400 seconds..