[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   70.121696][   T27] audit: type=1800 audit(1579725400.071:25): pid=9563 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   70.141639][   T27] audit: type=1800 audit(1579725400.071:26): pid=9563 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   70.197768][   T27] audit: type=1800 audit(1579725400.071:27): pid=9563 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.166' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   82.827027][ T9717] ==================================================================
[   82.835231][ T9717] BUG: KASAN: slab-out-of-bounds in setup_udp_tunnel_sock+0x43d/0x520
[   82.843411][ T9717] Write of size 1 at addr ffff8880a4f6e590 by task syz-executor347/9717
[   82.851819][ T9717] 
[   82.854194][ T9717] CPU: 0 PID: 9717 Comm: syz-executor347 Not tainted 5.5.0-rc7-syzkaller #0
[   82.862872][ T9717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   82.872918][ T9717] Call Trace:
[   82.876207][ T9717]  dump_stack+0x197/0x210
[   82.880524][ T9717]  ? setup_udp_tunnel_sock+0x43d/0x520
[   82.886017][ T9717]  print_address_description.constprop.0.cold+0xd4/0x30b
[   82.893025][ T9717]  ? setup_udp_tunnel_sock+0x43d/0x520
[   82.898512][ T9717]  ? setup_udp_tunnel_sock+0x43d/0x520
[   82.904160][ T9717]  __kasan_report.cold+0x1b/0x41
[   82.909088][ T9717]  ? trace_hardirqs_on+0x51/0x240
[   82.914099][ T9717]  ? setup_udp_tunnel_sock+0x43d/0x520
[   82.919554][ T9717]  kasan_report+0x12/0x20
[   82.923867][ T9717]  __asan_report_store1_noabort+0x17/0x20
[   82.929572][ T9717]  setup_udp_tunnel_sock+0x43d/0x520
[   82.934857][ T9717]  gtp_encap_enable_socket+0x338/0x420
[   82.940345][ T9717]  ? gtp_find_pdp_by_link+0x480/0x480
[   82.945769][ T9717]  ? memset+0x32/0x40
[   82.949736][ T9717]  ? gtp1_pdp_find.isra.0+0x180/0x180
[   82.955093][ T9717]  ? __gtp_encap_destroy+0x1e0/0x1e0
[   82.960380][ T9717]  ? alloc_netdev_mqs+0xa22/0xde0
[   82.965397][ T9717]  gtp_newlink+0x95/0xc60
[   82.969721][ T9717]  ? rtnl_create_link+0x192/0xab0
[   82.974772][ T9717]  ? netlink_ns_capable+0x26/0x30
[   82.979784][ T9717]  ? gtp_genl_get_pdp+0x5c0/0x5c0
[   82.984792][ T9717]  __rtnl_newlink+0x109e/0x1790
[   82.989631][ T9717]  ? rtnl_link_unregister+0x250/0x250
[   82.994987][ T9717]  ? is_bpf_text_address+0xce/0x160
[   83.000346][ T9717]  ? kernel_text_address+0x73/0xf0
[   83.005439][ T9717]  ? unwind_get_return_address+0x61/0xa0
[   83.011051][ T9717]  ? profile_setup.cold+0xbb/0xbb
[   83.016058][ T9717]  ? arch_stack_walk+0x97/0xf0
[   83.020850][ T9717]  ? stack_trace_save+0xac/0xe0
[   83.025694][ T9717]  ? stack_trace_consume_entry+0x190/0x190
[   83.031496][ T9717]  ? mark_lock+0xc2/0x1220
[   83.035914][ T9717]  ? save_stack+0x5c/0x90
[   83.040298][ T9717]  ? save_stack+0x23/0x90
[   83.044610][ T9717]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[   83.050430][ T9717]  ? kasan_kmalloc+0x9/0x10
[   83.054928][ T9717]  ? kmem_cache_alloc_trace+0x158/0x790
[   83.060482][ T9717]  ? rtnl_newlink+0x4b/0xa0
[   83.065019][ T9717]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   83.070548][ T9717]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   83.076522][ T9717]  rtnl_newlink+0x69/0xa0
[   83.080840][ T9717]  ? __rtnl_newlink+0x1790/0x1790
[   83.085865][ T9717]  rtnetlink_rcv_msg+0x45e/0xaf0
[   83.090797][ T9717]  ? rtnl_bridge_getlink+0x910/0x910
[   83.096108][ T9717]  ? lock_downgrade+0x920/0x920
[   83.100990][ T9717]  ? netlink_deliver_tap+0x228/0xbe0
[   83.106266][ T9717]  ? find_held_lock+0x35/0x130
[   83.111020][ T9717]  netlink_rcv_skb+0x177/0x450
[   83.115778][ T9717]  ? rtnl_bridge_getlink+0x910/0x910
[   83.121113][ T9717]  ? netlink_ack+0xb50/0xb50
[   83.125695][ T9717]  ? __kasan_check_read+0x11/0x20
[   83.130754][ T9717]  ? netlink_deliver_tap+0x24a/0xbe0
[   83.136042][ T9717]  rtnetlink_rcv+0x1d/0x30
[   83.140455][ T9717]  netlink_unicast+0x58c/0x7d0
[   83.145222][ T9717]  ? netlink_attachskb+0x870/0x870
[   83.150411][ T9717]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   83.156132][ T9717]  ? __check_object_size+0x3d/0x437
[   83.161339][ T9717]  netlink_sendmsg+0x91c/0xea0
[   83.166107][ T9717]  ? netlink_unicast+0x7d0/0x7d0
[   83.171047][ T9717]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   83.176601][ T9717]  ? apparmor_socket_sendmsg+0x2a/0x30
[   83.182051][ T9717]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   83.188285][ T9717]  ? security_socket_sendmsg+0x8d/0xc0
[   83.193750][ T9717]  ? netlink_unicast+0x7d0/0x7d0
[   83.198687][ T9717]  sock_sendmsg+0xd7/0x130
[   83.203086][ T9717]  ____sys_sendmsg+0x753/0x880
[   83.207834][ T9717]  ? kernel_sendmsg+0x50/0x50
[   83.212506][ T9717]  ? mark_held_locks+0xa4/0xf0
[   83.217267][ T9717]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   83.223317][ T9717]  ? __handle_mm_fault+0x3145/0x3cc0
[   83.228582][ T9717]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   83.234646][ T9717]  ___sys_sendmsg+0x100/0x170
[   83.239307][ T9717]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[   83.245290][ T9717]  ? sendmsg_copy_msghdr+0x70/0x70
[   83.250395][ T9717]  ? __do_page_fault+0x56a/0xd80
[   83.255315][ T9717]  ? find_held_lock+0x35/0x130
[   83.260064][ T9717]  ? __do_page_fault+0x56a/0xd80
[   83.265002][ T9717]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   83.271229][ T9717]  ? __fget_light+0x1a9/0x230
[   83.275888][ T9717]  ? __fdget+0x1b/0x20
[   83.279941][ T9717]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   83.286188][ T9717]  __sys_sendmsg+0x105/0x1d0
[   83.290778][ T9717]  ? __sys_sendmsg_sock+0xc0/0xc0
[   83.295803][ T9717]  ? down_read_non_owner+0x490/0x490
[   83.301079][ T9717]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   83.306518][ T9717]  ? do_syscall_64+0x26/0x790
[   83.311205][ T9717]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   83.317258][ T9717]  ? do_syscall_64+0x26/0x790
[   83.321925][ T9717]  __x64_sys_sendmsg+0x78/0xb0
[   83.326673][ T9717]  do_syscall_64+0xfa/0x790
[   83.331172][ T9717]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   83.337040][ T9717] RIP: 0033:0x4402b9
[   83.340923][ T9717] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   83.360514][ T9717] RSP: 002b:00007fff970ad758 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   83.368914][ T9717] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402b9
[   83.376874][ T9717] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[   83.384989][ T9717] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   83.392947][ T9717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b40
[   83.400955][ T9717] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000
[   83.408974][ T9717] 
[   83.411322][ T9717] Allocated by task 9717:
[   83.415635][ T9717]  save_stack+0x23/0x90
[   83.419822][ T9717]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   83.425436][ T9717]  kasan_slab_alloc+0xf/0x20
[   83.430054][ T9717]  kmem_cache_alloc+0x121/0x710
[   83.434888][ T9717]  sk_prot_alloc+0x67/0x310
[   83.439372][ T9717]  sk_alloc+0x39/0xfd0
[   83.443423][ T9717]  inet_create+0x363/0xdf0
[   83.447859][ T9717]  __sock_create+0x3ce/0x730
[   83.452426][ T9717]  __sys_socket+0x103/0x220
[   83.456959][ T9717]  __x64_sys_socket+0x73/0xb0
[   83.461627][ T9717]  do_syscall_64+0xfa/0x790
[   83.466122][ T9717]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   83.471996][ T9717] 
[   83.474306][ T9717] Freed by task 0:
[   83.478000][ T9717] (stack is not available)
[   83.482391][ T9717] 
[   83.484702][ T9717] The buggy address belongs to the object at ffff8880a4f6e040
[   83.484702][ T9717]  which belongs to the cache RAW of size 1360
[   83.498320][ T9717] The buggy address is located 0 bytes to the right of
[   83.498320][ T9717]  1360-byte region [ffff8880a4f6e040, ffff8880a4f6e590)
[   83.512055][ T9717] The buggy address belongs to the page:
[   83.517827][ T9717] page:ffffea000293db80 refcount:1 mapcount:0 mapping:ffff88821a9a4540 index:0x0 compound_mapcount: 0
[   83.528749][ T9717] raw: 00fffe0000010200 ffff8880a57c2b48 ffff8880a57c2b48 ffff88821a9a4540
[   83.537322][ T9717] raw: 0000000000000000 ffff8880a4f6e040 0000000100000005 0000000000000000
[   83.545882][ T9717] page dumped because: kasan: bad access detected
[   83.552271][ T9717] 
[   83.554603][ T9717] Memory state around the buggy address:
[   83.560212][ T9717]  ffff8880a4f6e480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   83.568252][ T9717]  ffff8880a4f6e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   83.576302][ T9717] >ffff8880a4f6e580: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   83.584341][ T9717]                          ^
[   83.588911][ T9717]  ffff8880a4f6e600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   83.596971][ T9717]  ffff8880a4f6e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   83.605024][ T9717] ==================================================================
[   83.613075][ T9717] Disabling lock debugging due to kernel taint
[   83.620074][ T9717] Kernel panic - not syncing: panic_on_warn set ...
[   83.626702][ T9717] CPU: 0 PID: 9717 Comm: syz-executor347 Tainted: G    B             5.5.0-rc7-syzkaller #0
[   83.636786][ T9717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   83.646826][ T9717] Call Trace:
[   83.650108][ T9717]  dump_stack+0x197/0x210
[   83.654429][ T9717]  panic+0x2e3/0x75c
[   83.658310][ T9717]  ? add_taint.cold+0x16/0x16
[   83.663035][ T9717]  ? setup_udp_tunnel_sock+0x43d/0x520
[   83.668522][ T9717]  ? preempt_schedule+0x4b/0x60
[   83.673357][ T9717]  ? ___preempt_schedule+0x16/0x18
[   83.678454][ T9717]  ? trace_hardirqs_on+0x5e/0x240
[   83.683461][ T9717]  ? setup_udp_tunnel_sock+0x43d/0x520
[   83.688900][ T9717]  end_report+0x47/0x4f
[   83.693058][ T9717]  ? setup_udp_tunnel_sock+0x43d/0x520
[   83.698495][ T9717]  __kasan_report.cold+0xe/0x41
[   83.703323][ T9717]  ? trace_hardirqs_on+0x51/0x240
[   83.708331][ T9717]  ? setup_udp_tunnel_sock+0x43d/0x520
[   83.713774][ T9717]  kasan_report+0x12/0x20
[   83.718082][ T9717]  __asan_report_store1_noabort+0x17/0x20
[   83.723793][ T9717]  setup_udp_tunnel_sock+0x43d/0x520
[   83.729080][ T9717]  gtp_encap_enable_socket+0x338/0x420
[   83.734518][ T9717]  ? gtp_find_pdp_by_link+0x480/0x480
[   83.739874][ T9717]  ? memset+0x32/0x40
[   83.743853][ T9717]  ? gtp1_pdp_find.isra.0+0x180/0x180
[   83.749248][ T9717]  ? __gtp_encap_destroy+0x1e0/0x1e0
[   83.754546][ T9717]  ? alloc_netdev_mqs+0xa22/0xde0
[   83.759548][ T9717]  gtp_newlink+0x95/0xc60
[   83.763854][ T9717]  ? rtnl_create_link+0x192/0xab0
[   83.768855][ T9717]  ? netlink_ns_capable+0x26/0x30
[   83.773860][ T9717]  ? gtp_genl_get_pdp+0x5c0/0x5c0
[   83.778864][ T9717]  __rtnl_newlink+0x109e/0x1790
[   83.783697][ T9717]  ? rtnl_link_unregister+0x250/0x250
[   83.789045][ T9717]  ? is_bpf_text_address+0xce/0x160
[   83.794228][ T9717]  ? kernel_text_address+0x73/0xf0
[   83.799319][ T9717]  ? unwind_get_return_address+0x61/0xa0
[   83.804927][ T9717]  ? profile_setup.cold+0xbb/0xbb
[   83.809963][ T9717]  ? arch_stack_walk+0x97/0xf0
[   83.814723][ T9717]  ? stack_trace_save+0xac/0xe0
[   83.819575][ T9717]  ? stack_trace_consume_entry+0x190/0x190
[   83.825355][ T9717]  ? mark_lock+0xc2/0x1220
[   83.829761][ T9717]  ? save_stack+0x5c/0x90
[   83.834067][ T9717]  ? save_stack+0x23/0x90
[   83.838370][ T9717]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[   83.844147][ T9717]  ? kasan_kmalloc+0x9/0x10
[   83.848624][ T9717]  ? kmem_cache_alloc_trace+0x158/0x790
[   83.854163][ T9717]  ? rtnl_newlink+0x4b/0xa0
[   83.858648][ T9717]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   83.864171][ T9717]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   83.870131][ T9717]  rtnl_newlink+0x69/0xa0
[   83.874445][ T9717]  ? __rtnl_newlink+0x1790/0x1790
[   83.879442][ T9717]  rtnetlink_rcv_msg+0x45e/0xaf0
[   83.884351][ T9717]  ? rtnl_bridge_getlink+0x910/0x910
[   83.889610][ T9717]  ? lock_downgrade+0x920/0x920
[   83.894446][ T9717]  ? netlink_deliver_tap+0x228/0xbe0
[   83.899702][ T9717]  ? find_held_lock+0x35/0x130
[   83.904441][ T9717]  netlink_rcv_skb+0x177/0x450
[   83.909178][ T9717]  ? rtnl_bridge_getlink+0x910/0x910
[   83.914436][ T9717]  ? netlink_ack+0xb50/0xb50
[   83.918999][ T9717]  ? __kasan_check_read+0x11/0x20
[   83.923999][ T9717]  ? netlink_deliver_tap+0x24a/0xbe0
[   83.929257][ T9717]  rtnetlink_rcv+0x1d/0x30
[   83.933770][ T9717]  netlink_unicast+0x58c/0x7d0
[   83.938715][ T9717]  ? netlink_attachskb+0x870/0x870
[   83.943866][ T9717]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   83.949578][ T9717]  ? __check_object_size+0x3d/0x437
[   83.954756][ T9717]  netlink_sendmsg+0x91c/0xea0
[   83.959501][ T9717]  ? netlink_unicast+0x7d0/0x7d0
[   83.964423][ T9717]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   83.969960][ T9717]  ? apparmor_socket_sendmsg+0x2a/0x30
[   83.975414][ T9717]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   83.981633][ T9717]  ? security_socket_sendmsg+0x8d/0xc0
[   83.987073][ T9717]  ? netlink_unicast+0x7d0/0x7d0
[   83.991990][ T9717]  sock_sendmsg+0xd7/0x130
[   83.996414][ T9717]  ____sys_sendmsg+0x753/0x880
[   84.001190][ T9717]  ? kernel_sendmsg+0x50/0x50
[   84.005847][ T9717]  ? mark_held_locks+0xa4/0xf0
[   84.010694][ T9717]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   84.016741][ T9717]  ? __handle_mm_fault+0x3145/0x3cc0
[   84.022075][ T9717]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   84.028136][ T9717]  ___sys_sendmsg+0x100/0x170
[   84.032799][ T9717]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[   84.038830][ T9717]  ? sendmsg_copy_msghdr+0x70/0x70
[   84.043922][ T9717]  ? __do_page_fault+0x56a/0xd80
[   84.048906][ T9717]  ? find_held_lock+0x35/0x130
[   84.053661][ T9717]  ? __do_page_fault+0x56a/0xd80
[   84.058628][ T9717]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   84.064846][ T9717]  ? __fget_light+0x1a9/0x230
[   84.069503][ T9717]  ? __fdget+0x1b/0x20
[   84.073554][ T9717]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   84.079824][ T9717]  __sys_sendmsg+0x105/0x1d0
[   84.084409][ T9717]  ? __sys_sendmsg_sock+0xc0/0xc0
[   84.089418][ T9717]  ? down_read_non_owner+0x490/0x490
[   84.094695][ T9717]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   84.100144][ T9717]  ? do_syscall_64+0x26/0x790
[   84.104817][ T9717]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   84.110869][ T9717]  ? do_syscall_64+0x26/0x790
[   84.115530][ T9717]  __x64_sys_sendmsg+0x78/0xb0
[   84.120387][ T9717]  do_syscall_64+0xfa/0x790
[   84.124877][ T9717]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   84.130754][ T9717] RIP: 0033:0x4402b9
[   84.134639][ T9717] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   84.154380][ T9717] RSP: 002b:00007fff970ad758 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   84.162875][ T9717] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402b9
[   84.170824][ T9717] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[   84.178788][ T9717] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   84.188535][ T9717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b40
[   84.196576][ T9717] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000
[   84.205877][ T9717] Kernel Offset: disabled
[   84.210212][ T9717] Rebooting in 86400 seconds..