[ 81.138340][ T27] audit: type=1800 audit(1579577307.439:26): pid=9796 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 82.004934][ T27] kauditd_printk_skb: 2 callbacks suppressed
[ 82.004947][ T27] audit: type=1800 audit(1579577308.319:29): pid=9796 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 82.031863][ T27] audit: type=1800 audit(1579577308.319:30): pid=9796 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.141' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 90.511996][ T9951] ==================================================================
[ 90.520323][ T9951] BUG: KASAN: slab-out-of-bounds in setup_udp_tunnel_sock+0x43d/0x520
[ 90.528517][ T9951] Write of size 1 at addr ffff8880a4f9e590 by task syz-executor342/9951
[ 90.537333][ T9951]
[ 90.540213][ T9951] CPU: 0 PID: 9951 Comm: syz-executor342 Not tainted 5.5.0-rc6-syzkaller #0
[ 90.550458][ T9951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 90.561160][ T9951] Call Trace:
[ 90.564503][ T9951] dump_stack+0x197/0x210
[ 90.568836][ T9951] ? setup_udp_tunnel_sock+0x43d/0x520
[ 90.574356][ T9951] print_address_description.constprop.0.cold+0xd4/0x30b
[ 90.581373][ T9951] ? setup_udp_tunnel_sock+0x43d/0x520
[ 90.586984][ T9951] ? setup_udp_tunnel_sock+0x43d/0x520
[ 90.592456][ T9951] __kasan_report.cold+0x1b/0x41
[ 90.597386][ T9951] ? trace_hardirqs_off+0x1e1/0x240
[ 90.602688][ T9951] ? setup_udp_tunnel_sock+0x43d/0x520
[ 90.608270][ T9951] kasan_report+0x12/0x20
[ 90.612769][ T9951] __asan_report_store1_noabort+0x17/0x20
[ 90.618596][ T9951] setup_udp_tunnel_sock+0x43d/0x520
[ 90.623879][ T9951] gtp_encap_enable_socket+0x33f/0x420
[ 90.629952][ T9951] ? gtp_find_pdp_by_link+0x480/0x480
[ 90.635322][ T9951] ? memset+0x32/0x40
[ 90.639352][ T9951] ? gtp1_pdp_find.isra.0+0x180/0x180
[ 90.644844][ T9951] ? __gtp_encap_destroy+0x1e0/0x1e0
[ 90.650147][ T9951] ? alloc_netdev_mqs+0xa22/0xde0
[ 90.655294][ T9951] gtp_newlink+0x95/0xc60
[ 90.659657][ T9951] ? rtnl_create_link+0x192/0xab0
[ 90.664732][ T9951] ? netlink_ns_capable+0x26/0x30
[ 90.669790][ T9951] ? gtp_genl_get_pdp+0x5c0/0x5c0
[ 90.674823][ T9951] __rtnl_newlink+0x109d/0x1790
[ 90.679678][ T9951] ? rtnl_link_unregister+0x250/0x250
[ 90.685049][ T9951] ? is_bpf_text_address+0xce/0x160
[ 90.690257][ T9951] ? unwind_get_return_address+0x61/0xa0
[ 90.695877][ T9951] ? profile_setup.cold+0xbb/0xbb
[ 90.701189][ T9951] ? arch_stack_walk+0x97/0xf0
[ 90.705975][ T9951] ? stack_trace_save+0xac/0xe0
[ 90.711226][ T9951] ? stack_trace_consume_entry+0x190/0x190
[ 90.717119][ T9951] ? mark_lock+0xc2/0x1220
[ 90.721606][ T9951] ? save_stack+0x5c/0x90
[ 90.725990][ T9951] ? save_stack+0x23/0x90
[ 90.730444][ T9951] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 90.736398][ T9951] ? rtnl_newlink+0x4b/0xa0
[ 90.740918][ T9951] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 90.746480][ T9951] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 90.752685][ T9951] rtnl_newlink+0x69/0xa0
[ 90.757265][ T9951] ? __rtnl_newlink+0x1790/0x1790
[ 90.762290][ T9951] rtnetlink_rcv_msg+0x45e/0xaf0
[ 90.767366][ T9951] ? rtnl_bridge_getlink+0x910/0x910
[ 90.776861][ T9951] ? lock_downgrade+0x920/0x920
[ 90.781714][ T9951] ? netlink_deliver_tap+0x228/0xbf0
[ 90.787005][ T9951] ? find_held_lock+0x35/0x130
[ 90.791968][ T9951] netlink_rcv_skb+0x177/0x450
[ 90.796761][ T9951] ? rtnl_bridge_getlink+0x910/0x910
[ 90.802207][ T9951] ? netlink_ack+0xb50/0xb50
[ 90.806808][ T9951] ? __kasan_check_read+0x11/0x20
[ 90.811993][ T9951] ? netlink_deliver_tap+0x24a/0xbf0
[ 90.817421][ T9951] rtnetlink_rcv+0x1d/0x30
[ 90.821875][ T9951] netlink_unicast+0x59e/0x7e0
[ 90.826878][ T9951] ? netlink_attachskb+0x870/0x870
[ 90.832018][ T9951] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 90.837759][ T9951] ? __check_object_size+0x3d/0x437
[ 90.842997][ T9951] netlink_sendmsg+0x91c/0xea0
[ 90.847759][ T9951] ? netlink_unicast+0x7e0/0x7e0
[ 90.852697][ T9951] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 90.858236][ T9951] ? apparmor_socket_sendmsg+0x2a/0x30
[ 90.863760][ T9951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 90.870038][ T9951] ? security_socket_sendmsg+0x8d/0xc0
[ 90.875646][ T9951] ? netlink_unicast+0x7e0/0x7e0
[ 90.880599][ T9951] sock_sendmsg+0xd7/0x130
[ 90.885016][ T9951] ____sys_sendmsg+0x753/0x880
[ 90.889787][ T9951] ? kernel_sendmsg+0x50/0x50
[ 90.894471][ T9951] ? mark_held_locks+0xa4/0xf0
[ 90.903821][ T9951] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 90.909942][ T9951] ? __handle_mm_fault+0x3145/0x3cc0
[ 90.915246][ T9951] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 90.921321][ T9951] ___sys_sendmsg+0x100/0x170
[ 90.926003][ T9951] ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[ 90.931997][ T9951] ? sendmsg_copy_msghdr+0x70/0x70
[ 90.937150][ T9951] ? __do_page_fault+0x56a/0xd80
[ 90.942279][ T9951] ? find_held_lock+0x35/0x130
[ 90.947198][ T9951] ? __do_page_fault+0x56a/0xd80
[ 90.952542][ T9951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 90.959033][ T9951] ? __fget_light+0x1a9/0x230
[ 90.963728][ T9951] ? __fdget+0x1b/0x20
[ 90.967805][ T9951] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 90.974046][ T9951] __sys_sendmsg+0x105/0x1d0
[ 90.978750][ T9951] ? __sys_sendmsg_sock+0xc0/0xc0
[ 90.984938][ T9951] ? down_read_non_owner+0x490/0x490
[ 90.990238][ T9951] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 90.995700][ T9951] ? do_syscall_64+0x26/0x790
[ 91.000458][ T9951] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 91.006697][ T9951] ? do_syscall_64+0x26/0x790
[ 91.011482][ T9951] __x64_sys_sendmsg+0x78/0xb0
[ 91.016256][ T9951] do_syscall_64+0xfa/0x790
[ 91.020839][ T9951] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 91.026950][ T9951] RIP: 0033:0x4402b9
[ 91.030933][ T9951] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 91.051357][ T9951] RSP: 002b:00007ffed3f8c868 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 91.060144][ T9951] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402b9
[ 91.072267][ T9951] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 91.080242][ T9951] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 91.091340][ T9951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b40
[ 91.099417][ T9951] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000
[ 91.107537][ T9951]
[ 91.109975][ T9951] Allocated by task 9951:
[ 91.114868][ T9951] save_stack+0x23/0x90
[ 91.119028][ T9951] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 91.124772][ T9951] kasan_slab_alloc+0xf/0x20
[ 91.129411][ T9951] kmem_cache_alloc+0x121/0x710
[ 91.134364][ T9951] sk_prot_alloc+0x67/0x310
[ 91.138867][ T9951] sk_alloc+0x39/0xfd0
[ 91.144248][ T9951] inet_create+0x363/0xe10
[ 91.148671][ T9951] __sock_create+0x3ce/0x730
[ 91.153488][ T9951] __sys_socket+0x103/0x220
[ 91.158260][ T9951] __x64_sys_socket+0x73/0xb0
[ 91.162967][ T9951] do_syscall_64+0xfa/0x790
[ 91.167479][ T9951] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 91.173547][ T9951]
[ 91.175954][ T9951] Freed by task 0:
[ 91.179686][ T9951] (stack is not available)
[ 91.184620][ T9951]
[ 91.186951][ T9951] The buggy address belongs to the object at ffff8880a4f9e040
[ 91.186951][ T9951] which belongs to the cache RAW of size 1360
[ 91.200671][ T9951] The buggy address is located 0 bytes to the right of
[ 91.200671][ T9951] 1360-byte region [ffff8880a4f9e040, ffff8880a4f9e590)
[ 91.215123][ T9951] The buggy address belongs to the page:
[ 91.221023][ T9951] page:ffffea000293e780 refcount:1 mapcount:0 mapping:ffff8880a5c60380 index:0x0 compound_mapcount: 0
[ 91.232528][ T9951] raw: 00fffe0000010200 ffff8880a4ca7a48 ffff8880a4ca7a48 ffff8880a5c60380
[ 91.241328][ T9951] raw: 0000000000000000 ffff8880a4f9e040 0000000100000005 0000000000000000
[ 91.250099][ T9951] page dumped because: kasan: bad access detected
[ 91.256556][ T9951]
[ 91.258900][ T9951] Memory state around the buggy address:
[ 91.264547][ T9951]  ffff8880a4f9e480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.272618][ T9951]  ffff8880a4f9e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.280678][ T9951] >ffff8880a4f9e580: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.288753][ T9951]                          ^
[ 91.293349][ T9951]  ffff8880a4f9e600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.301590][ T9951]  ffff8880a4f9e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.309670][ T9951] ==================================================================
[ 91.317723][ T9951] Disabling lock debugging due to kernel taint
[ 91.324331][ T9951] Kernel panic - not syncing: panic_on_warn set ...
[ 91.331045][ T9951] CPU: 0 PID: 9951 Comm: syz-executor342 Tainted: G B 5.5.0-rc6-syzkaller #0
[ 91.341436][ T9951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 91.351573][ T9951] Call Trace:
[ 91.354854][ T9951] dump_stack+0x197/0x210
[ 91.359173][ T9951] panic+0x2e3/0x75c
[ 91.363048][ T9951] ? add_taint.cold+0x16/0x16
[ 91.367887][ T9951] ? setup_udp_tunnel_sock+0x43d/0x520
[ 91.376658][ T9951] ? preempt_schedule+0x4b/0x60
[ 91.381599][ T9951] ? ___preempt_schedule+0x16/0x18
[ 91.386963][ T9951] ? trace_hardirqs_on+0x5e/0x240
[ 91.392278][ T9951] ? setup_udp_tunnel_sock+0x43d/0x520
[ 91.397924][ T9951] end_report+0x47/0x4f
[ 91.402082][ T9951] ? setup_udp_tunnel_sock+0x43d/0x520
[ 91.408177][ T9951] __kasan_report.cold+0xe/0x41
[ 91.413122][ T9951] ? trace_hardirqs_off+0x1e1/0x240
[ 91.418330][ T9951] ? setup_udp_tunnel_sock+0x43d/0x520
[ 91.423796][ T9951] kasan_report+0x12/0x20
[ 91.428296][ T9951] __asan_report_store1_noabort+0x17/0x20
[ 91.434992][ T9951] setup_udp_tunnel_sock+0x43d/0x520
[ 91.440283][ T9951] gtp_encap_enable_socket+0x33f/0x420
[ 91.446427][ T9951] ? gtp_find_pdp_by_link+0x480/0x480
[ 91.451917][ T9951] ? memset+0x32/0x40
[ 91.455898][ T9951] ? gtp1_pdp_find.isra.0+0x180/0x180
[ 91.461508][ T9951] ? __gtp_encap_destroy+0x1e0/0x1e0
[ 91.466823][ T9951] ? alloc_netdev_mqs+0xa22/0xde0
[ 91.471851][ T9951] gtp_newlink+0x95/0xc60
[ 91.476302][ T9951] ? rtnl_create_link+0x192/0xab0
[ 91.481406][ T9951] ? netlink_ns_capable+0x26/0x30
[ 91.486450][ T9951] ? gtp_genl_get_pdp+0x5c0/0x5c0
[ 91.491494][ T9951] __rtnl_newlink+0x109d/0x1790
[ 91.497756][ T9951] ? rtnl_link_unregister+0x250/0x250
[ 91.503178][ T9951] ? is_bpf_text_address+0xce/0x160
[ 91.508372][ T9951] ? unwind_get_return_address+0x61/0xa0
[ 91.514089][ T9951] ? profile_setup.cold+0xbb/0xbb
[ 91.519258][ T9951] ? arch_stack_walk+0x97/0xf0
[ 91.524036][ T9951] ? stack_trace_save+0xac/0xe0
[ 91.528973][ T9951] ? stack_trace_consume_entry+0x190/0x190
[ 91.535008][ T9951] ? mark_lock+0xc2/0x1220
[ 91.539430][ T9951] ? save_stack+0x5c/0x90
[ 91.543753][ T9951] ? save_stack+0x23/0x90
[ 91.548078][ T9951] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 91.554085][ T9951] ? rtnl_newlink+0x4b/0xa0
[ 91.558668][ T9951] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 91.564290][ T9951] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 91.570302][ T9951] rtnl_newlink+0x69/0xa0
[ 91.574651][ T9951] ? __rtnl_newlink+0x1790/0x1790
[ 91.579733][ T9951] rtnetlink_rcv_msg+0x45e/0xaf0
[ 91.584973][ T9951] ? rtnl_bridge_getlink+0x910/0x910
[ 91.590272][ T9951] ? lock_downgrade+0x920/0x920
[ 91.595231][ T9951] ? netlink_deliver_tap+0x228/0xbf0
[ 91.600625][ T9951] ? find_held_lock+0x35/0x130
[ 91.605447][ T9951] netlink_rcv_skb+0x177/0x450
[ 91.610361][ T9951] ? rtnl_bridge_getlink+0x910/0x910
[ 91.615666][ T9951] ? netlink_ack+0xb50/0xb50
[ 91.620413][ T9951] ? __kasan_check_read+0x11/0x20
[ 91.625444][ T9951] ? netlink_deliver_tap+0x24a/0xbf0
[ 91.630871][ T9951] rtnetlink_rcv+0x1d/0x30
[ 91.635278][ T9951] netlink_unicast+0x59e/0x7e0
[ 91.640032][ T9951] ? netlink_attachskb+0x870/0x870
[ 91.646488][ T9951] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 91.652193][ T9951] ? __check_object_size+0x3d/0x437
[ 91.657380][ T9951] netlink_sendmsg+0x91c/0xea0
[ 91.662280][ T9951] ? netlink_unicast+0x7e0/0x7e0
[ 91.667206][ T9951] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 91.672803][ T9951] ? apparmor_socket_sendmsg+0x2a/0x30
[ 91.678258][ T9951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.685102][ T9951] ? security_socket_sendmsg+0x8d/0xc0
[ 91.690582][ T9951] ? netlink_unicast+0x7e0/0x7e0
[ 91.695626][ T9951] sock_sendmsg+0xd7/0x130
[ 91.700154][ T9951] ____sys_sendmsg+0x753/0x880
[ 91.704990][ T9951] ? kernel_sendmsg+0x50/0x50
[ 91.709671][ T9951] ? mark_held_locks+0xa4/0xf0
[ 91.714445][ T9951] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 91.720554][ T9951] ? __handle_mm_fault+0x3145/0x3cc0
[ 91.725980][ T9951] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 91.732058][ T9951] ___sys_sendmsg+0x100/0x170
[ 91.736735][ T9951] ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[ 91.742705][ T9951] ? sendmsg_copy_msghdr+0x70/0x70
[ 91.747827][ T9951] ? __do_page_fault+0x56a/0xd80
[ 91.752758][ T9951] ? find_held_lock+0x35/0x130
[ 91.757660][ T9951] ? __do_page_fault+0x56a/0xd80
[ 91.762606][ T9951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.768917][ T9951] ? __fget_light+0x1a9/0x230
[ 91.773702][ T9951] ? __fdget+0x1b/0x20
[ 91.777912][ T9951] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 91.784158][ T9951] __sys_sendmsg+0x105/0x1d0
[ 91.788783][ T9951] ? __sys_sendmsg_sock+0xc0/0xc0
[ 91.793818][ T9951] ? down_read_non_owner+0x490/0x490
[ 91.799099][ T9951] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 91.804566][ T9951] ? do_syscall_64+0x26/0x790
[ 91.809352][ T9951] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 91.815974][ T9951] ? do_syscall_64+0x26/0x790
[ 91.820673][ T9951] __x64_sys_sendmsg+0x78/0xb0
[ 91.825434][ T9951] do_syscall_64+0xfa/0x790
[ 91.830563][ T9951] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 91.837484][ T9951] RIP: 0033:0x4402b9
[ 91.841360][ T9951] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 91.861053][ T9951] RSP: 002b:00007ffed3f8c868 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 91.869629][ T9951] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402b9
[ 91.877780][ T9951] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 91.885796][ T9951] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 91.893875][ T9951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b40
[ 91.901843][ T9951] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000
[ 91.911372][ T9951] Kernel Offset: disabled
[ 91.916494][ T9951] Rebooting in 86400 seconds..