[ ok ] Starting enhanced syslogd: rsyslogd.
[   59.254085][   T28] audit: type=1800 audit(1579637517.633:25): pid=8760 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   59.287664][   T28] audit: type=1800 audit(1579637517.643:26): pid=8760 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   59.323603][   T28] audit: type=1800 audit(1579637517.643:27): pid=8760 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.11' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   72.361013][ T8915] ==================================================================
[   72.369318][ T8915] BUG: KASAN: slab-out-of-bounds in setup_udp_tunnel_sock+0x3a4/0x400
[   72.377458][ T8915] Write of size 1 at addr ffff8880a4e9e590 by task syz-executor847/8915
[   72.385888][ T8915]
[   72.388204][ T8915] CPU: 0 PID: 8915 Comm: syz-executor847 Not tainted 5.5.0-rc7-syzkaller #0
[   72.396861][ T8915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.406956][ T8915] Call Trace:
[   72.410236][ T8915]  dump_stack+0x1fb/0x318
[   72.415179][ T8915]  print_address_description+0x74/0x5c0
[   72.420764][ T8915]  ? vprintk_default+0x28/0x30
[   72.425523][ T8915]  ? vprintk_func+0x158/0x170
[   72.430205][ T8915]  ? printk+0x62/0x8d
[   72.434195][ T8915]  __kasan_report+0x149/0x1c0
[   72.438866][ T8915]  ? setup_udp_tunnel_sock+0x3a4/0x400
[   72.444397][ T8915]  kasan_report+0x26/0x50
[   72.448724][ T8915]  __asan_report_store1_noabort+0x17/0x20
[   72.454438][ T8915]  setup_udp_tunnel_sock+0x3a4/0x400
[   72.459711][ T8915]  gtp_encap_enable_socket+0x27b/0x340
[   72.465198][ T8915]  ? gtp_encap_enable_socket+0x340/0x340
[   72.470823][ T8915]  ? gtp_encap_recv+0xbf0/0xbf0
[   72.475656][ T8915]  gtp_newlink+0x81/0x1160
[   72.480080][ T8915]  ? rtnl_create_link+0x6d5/0x8f0
[   72.485150][ T8915]  rtnl_newlink+0x143e/0x1c00
[   72.489896][ T8915]  ? __mutex_lock_common+0x53d/0x2f30
[   72.495271][ T8915]  ? rtnetlink_rcv_msg+0x83c/0xd40
[   72.500380][ T8915]  ? rtnl_setlink+0x490/0x490
[   72.505058][ T8915]  rtnetlink_rcv_msg+0x889/0xd40
[   72.510131][ T8915]  ? rcu_lock_release+0x9/0x30
[   72.514986][ T8915]  netlink_rcv_skb+0x19e/0x3e0
[   72.519756][ T8915]  ? rtnetlink_bind+0x80/0x80
[   72.524453][ T8915]  rtnetlink_rcv+0x1c/0x20
[   72.529137][ T8915]  netlink_unicast+0x767/0x920
[   72.533987][ T8915]  netlink_sendmsg+0xa2c/0xd50
[   72.538766][ T8915]  ? netlink_getsockopt+0x9f0/0x9f0
[   72.544004][ T8915]  ____sys_sendmsg+0x4f7/0x7f0
[   72.548825][ T8915]  __sys_sendmsg+0x1ed/0x290
[   72.553442][ T8915]  ? up_read+0x1d/0x20
[   72.557512][ T8915]  ? do_user_addr_fault+0x654/0xaf0
[   72.562708][ T8915]  ? check_preemption_disabled+0xb4/0x260
[   72.568430][ T8915]  ? debug_smp_processor_id+0x9/0x20
[   72.573718][ T8915]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   72.579178][ T8915]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   72.584915][ T8915]  ? do_syscall_64+0x1d/0x1c0
[   72.590371][ T8915]  __x64_sys_sendmsg+0x7f/0x90
[   72.595152][ T8915]  do_syscall_64+0xf7/0x1c0
[   72.599731][ T8915]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   72.605705][ T8915] RIP: 0033:0x4402b9
[   72.609619][ T8915] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   72.629313][ T8915] RSP: 002b:00007fff69c57b68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   72.637773][ T8915] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402b9
[   72.645761][ T8915] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[   72.653721][ T8915] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   72.661673][ T8915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b40
[   72.669684][ T8915] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000
[   72.677844][ T8915]
[   72.680154][ T8915] Allocated by task 8915:
[   72.684517][ T8915]  __kasan_kmalloc+0x118/0x1c0
[   72.689260][ T8915]  kasan_slab_alloc+0xf/0x20
[   72.693840][ T8915]  kmem_cache_alloc+0x1f5/0x2e0
[   72.698675][ T8915]  sk_prot_alloc+0x60/0x290
[   72.703219][ T8915]  sk_alloc+0x38/0x9a0
[   72.707276][ T8915]  inet_create+0x5da/0xdb0
[   72.711672][ T8915]  __sock_create+0x5cb/0x910
[   72.716252][ T8915]  __sys_socket+0xe7/0x2e0
[   72.720701][ T8915]  __x64_sys_socket+0x7a/0x90
[   72.725356][ T8915]  do_syscall_64+0xf7/0x1c0
[   72.729848][ T8915]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   72.736024][ T8915]
[   72.738349][ T8915] Freed by task 0:
[   72.742098][ T8915] (stack is not available)
[   72.746493][ T8915]
[   72.748875][ T8915] The buggy address belongs to the object at ffff8880a4e9e040
[   72.748875][ T8915]  which belongs to the cache RAW of size 1360
[   72.762720][ T8915] The buggy address is located 0 bytes to the right of
[   72.762720][ T8915]  1360-byte region [ffff8880a4e9e040, ffff8880a4e9e590)
[   72.776410][ T8915] The buggy address belongs to the page:
[   72.782041][ T8915] page:ffffea000293a780 refcount:1 mapcount:0 mapping:ffff8880a7bc8380 index:0x0 compound_mapcount: 0
[   72.793016][ T8915] raw: 00fffe0000010200 ffff8880a5328448 ffff8880a5328448 ffff8880a7bc8380
[   72.801592][ T8915] raw: 0000000000000000 ffff8880a4e9e040 0000000100000005 0000000000000000
[   72.810187][ T8915] page dumped because: kasan: bad access detected
[   72.816580][ T8915]
[   72.818918][ T8915] Memory state around the buggy address:
[   72.824709][ T8915]  ffff8880a4e9e480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   72.832831][ T8915]  ffff8880a4e9e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   72.841057][ T8915] >ffff8880a4e9e580: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.849245][ T8915]                          ^
[   72.853845][ T8915]  ffff8880a4e9e600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.862153][ T8915]  ffff8880a4e9e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.870287][ T8915] ==================================================================
[   72.878326][ T8915] Disabling lock debugging due to kernel taint
[   72.884743][ T8915] Kernel panic - not syncing: panic_on_warn set ...
[   72.891326][ T8915] CPU: 0 PID: 8915 Comm: syz-executor847 Tainted: G    B             5.5.0-rc7-syzkaller #0
[   72.901365][ T8915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.911407][ T8915] Call Trace:
[   72.914679][ T8915]  dump_stack+0x1fb/0x318
[   72.919021][ T8915]  panic+0x264/0x7a9
[   72.922902][ T8915]  ? __kasan_report+0x193/0x1c0
[   72.927773][ T8915]  ? trace_hardirqs_on+0x34/0x80
[   72.932732][ T8915]  ? __kasan_report+0x193/0x1c0
[   72.937565][ T8915]  __kasan_report+0x1b9/0x1c0
[   72.942241][ T8915]  ? setup_udp_tunnel_sock+0x3a4/0x400
[   72.947687][ T8915]  kasan_report+0x26/0x50
[   72.952003][ T8915]  __asan_report_store1_noabort+0x17/0x20
[   72.957703][ T8915]  setup_udp_tunnel_sock+0x3a4/0x400
[   72.962963][ T8915]  gtp_encap_enable_socket+0x27b/0x340
[   72.968402][ T8915]  ? gtp_encap_enable_socket+0x340/0x340
[   72.974010][ T8915]  ? gtp_encap_recv+0xbf0/0xbf0
[   72.978843][ T8915]  gtp_newlink+0x81/0x1160
[   72.983262][ T8915]  ? rtnl_create_link+0x6d5/0x8f0
[   72.988308][ T8915]  rtnl_newlink+0x143e/0x1c00
[   72.993002][ T8915]  ? __mutex_lock_common+0x53d/0x2f30
[   72.998456][ T8915]  ? rtnetlink_rcv_msg+0x83c/0xd40
[   73.003547][ T8915]  ? rtnl_setlink+0x490/0x490
[   73.008205][ T8915]  rtnetlink_rcv_msg+0x889/0xd40
[   73.013143][ T8915]  ? rcu_lock_release+0x9/0x30
[   73.017896][ T8915]  netlink_rcv_skb+0x19e/0x3e0
[   73.022636][ T8915]  ? rtnetlink_bind+0x80/0x80
[   73.027294][ T8915]  rtnetlink_rcv+0x1c/0x20
[   73.031799][ T8915]  netlink_unicast+0x767/0x920
[   73.036638][ T8915]  netlink_sendmsg+0xa2c/0xd50
[   73.041488][ T8915]  ? netlink_getsockopt+0x9f0/0x9f0
[   73.046677][ T8915]  ____sys_sendmsg+0x4f7/0x7f0
[   73.051952][ T8915]  __sys_sendmsg+0x1ed/0x290
[   73.056581][ T8915]  ? up_read+0x1d/0x20
[   73.060690][ T8915]  ? do_user_addr_fault+0x654/0xaf0
[   73.065876][ T8915]  ? check_preemption_disabled+0xb4/0x260
[   73.071581][ T8915]  ? debug_smp_processor_id+0x9/0x20
[   73.076853][ T8915]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   73.082393][ T8915]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   73.088099][ T8915]  ? do_syscall_64+0x1d/0x1c0
[   73.092763][ T8915]  __x64_sys_sendmsg+0x7f/0x90
[   73.097510][ T8915]  do_syscall_64+0xf7/0x1c0
[   73.102010][ T8915]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   73.107875][ T8915] RIP: 0033:0x4402b9
[   73.111928][ T8915] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   73.131519][ T8915] RSP: 002b:00007fff69c57b68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   73.139968][ T8915] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402b9
[   73.147936][ T8915] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[   73.155888][ T8915] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   73.163891][ T8915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b40
[   73.171853][ T8915] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000
[   73.181420][ T8915] Kernel Offset: disabled
[   73.186012][ T8915] Rebooting in 86400 seconds..
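How to read the report above, and a triage helper (added here; it is not part of the syzkaller log or of the kernel): the faulting object was carved from the "RAW" socket cache by inet_create on a socket() call, yet the write happens in setup_udp_tunnel_sock, the UDP-tunnel helper that gtp_newlink reaches through gtp_encap_enable_socket with a socket passed in by file descriptor. A one-byte write at offset 1360 of a 1360-byte RAW object is the signature of UDP-socket state being stored into an inet socket that is not a UDP socket (a larger struct than the one that was allocated), so the check a practitioner wants in such a path is a test of the socket's type and protocol before it is handed to the UDP tunnel code; the panic that follows is only panic_on_warn turning the first KASAN hit into a crash, and the second call trace is panic's own. The script below pulls exactly these facts out of the raw console text: access kind, size and site, slab cache and object bounds, the computed offset, and the first non-allocator frame of the allocation stack. The sample input is a constructed excerpt of the report on this page, keeping the console "[ time][ Tnnn]" prefix so the prefix stripping is exercised; the ALLOC_INTERNALS prefix list is an assumption about which frames count as allocator plumbing.

```python
"""Triage helper for a KASAN slab-out-of-bounds report (added example).

Parses the raw console lines, computes where the access landed relative to
the slab object, and names the allocation site and the access site so the
type mismatch (allocated as one object, written as another) is explicit.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the decisive lines of the report on this page.
SAMPLE_REPORT = """\
[   72.369318][ T8915] BUG: KASAN: slab-out-of-bounds in setup_udp_tunnel_sock+0x3a4/0x400
[   72.377458][ T8915] Write of size 1 at addr ffff8880a4e9e590 by task syz-executor847/8915
[   72.680154][ T8915] Allocated by task 8915:
[   72.684517][ T8915]  __kasan_kmalloc+0x118/0x1c0
[   72.689260][ T8915]  kasan_slab_alloc+0xf/0x20
[   72.693840][ T8915]  kmem_cache_alloc+0x1f5/0x2e0
[   72.698675][ T8915]  sk_prot_alloc+0x60/0x290
[   72.703219][ T8915]  sk_alloc+0x38/0x9a0
[   72.707276][ T8915]  inet_create+0x5da/0xdb0
[   72.711672][ T8915]  __sock_create+0x5cb/0x910
[   72.716252][ T8915]  __sys_socket+0xe7/0x2e0
[   72.736024][ T8915]
[   72.738349][ T8915] Freed by task 0:
[   72.742098][ T8915] (stack is not available)
[   72.748875][ T8915] The buggy address belongs to the object at ffff8880a4e9e040
[   72.748875][ T8915]  which belongs to the cache RAW of size 1360
[   72.762720][ T8915] The buggy address is located 0 bytes to the right of
[   72.762720][ T8915]  1360-byte region [ffff8880a4e9e040, ffff8880a4e9e590)
"""

PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<access_size>\d+) at addr "
                       r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)")
OBJECT_RE = re.compile(r"belongs to the object at (?P<obj_base>[0-9a-f]+)")
CACHE_RE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<obj_size>\d+)")
FRAME_RE = re.compile(r"^\s*\??\s*([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")

# Assumption: frames with these prefixes are allocator/KASAN plumbing, not the caller.
ALLOC_INTERNALS = ("__kasan_", "kasan_", "kmem_cache_", "kmalloc", "__kmalloc", "slab_")


@dataclass
class KasanReport:
    kind: str
    func: str          # function performing the bad access
    op: str            # "Read" or "Write"
    access_size: int
    addr: int
    task: str
    cache: str         # slab cache the object came from
    obj_base: int
    obj_size: int
    alloc_stack: list = field(default_factory=list)

    @property
    def offset(self) -> int:
        """Offset of the access from the start of the slab object."""
        return self.addr - self.obj_base

    def where(self) -> str:
        end = self.obj_base + self.obj_size
        if self.addr < self.obj_base:
            return f"{self.obj_base - self.addr} bytes before the object"
        if self.addr + self.access_size <= end:
            return "inside the object"
        return f"{self.addr - end} bytes past the end of the object"

    def alloc_site(self) -> str:
        """First allocation-stack frame that is not allocator plumbing."""
        for fn in self.alloc_stack:
            if not fn.startswith(ALLOC_INTERNALS):
                return fn
        return "unknown"

    def summary(self) -> str:
        return (f"{self.kind}: {self.op.lower()} of {self.access_size} byte(s) at offset "
                f"{self.offset} of a {self.obj_size}-byte '{self.cache}' object "
                f"({self.where()}); allocated in {self.alloc_site()}, accessed in {self.func}")


def parse_kasan_report(text: str) -> KasanReport:
    fields: dict = {}
    alloc_stack: list = []
    in_alloc = False
    for raw in text.splitlines():
        line = PREFIX_RE.sub("", raw).rstrip()
        if in_alloc:
            m = FRAME_RE.match(line)
            if m:
                alloc_stack.append(m.group(1))
                continue
            in_alloc = False            # blank line or next section ends the stack
        if line.startswith("Allocated by task"):
            in_alloc = True
            continue
        for rx in (BUG_RE, ACCESS_RE, OBJECT_RE, CACHE_RE):
            m = rx.search(line)
            if m:
                fields.update(m.groupdict())
    required = ("kind", "func", "op", "access_size", "addr", "task", "cache", "obj_base", "obj_size")
    missing = [k for k in required if k not in fields]
    if missing:
        raise ValueError(f"incomplete KASAN report, missing {missing}")
    return KasanReport(
        kind=fields["kind"], func=fields["func"], op=fields["op"],
        access_size=int(fields["access_size"]), addr=int(fields["addr"], 16),
        task=fields["task"], cache=fields["cache"],
        obj_base=int(fields["obj_base"], 16), obj_size=int(fields["obj_size"]),
        alloc_stack=alloc_stack,
    )


if __name__ == "__main__":
    print(parse_kasan_report(SAMPLE_REPORT).summary())
```

Run against the excerpt, the summary reads "slab-out-of-bounds: write of 1 byte(s) at offset 1360 of a 1360-byte 'RAW' object (0 bytes past the end of the object); allocated in sk_prot_alloc, accessed in setup_udp_tunnel_sock", which is the whole triage in one line: an object sized for one socket type, written through the accessors of another. The same parser works on any KASAN slab report that carries the "Allocated by" and "belongs to the cache" sections.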