[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[  115.912678][   T27] audit: type=1400 audit(1579748718.834:37): avc:  denied  { watch } for  pid=10591 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [  120.189751][   T27] kauditd_printk_skb: 3 callbacks suppressed
[  120.189767][   T27] audit: type=1400 audit(1579748723.114:41): avc:  denied  { map } for  pid=10674 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.153' (ECDSA) to the list of known hosts.
executing program
[  126.936722][   T27] audit: type=1400 audit(1579748729.854:42): avc:  denied  { map } for  pid=10686 comm="syz-executor502" path="/root/syz-executor502800525" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[  126.941659][T10686] ==================================================================
[  126.973532][T10686] BUG: KASAN: slab-out-of-bounds in setup_udp_tunnel_sock+0x43d/0x520
[  126.981676][T10686] Write of size 1 at addr ffff8880a4952590 by task syz-executor502/10686
[  126.990083][T10686] 
[  126.992405][T10686] CPU: 1 PID: 10686 Comm: syz-executor502 Not tainted 5.5.0-rc7-syzkaller #0
[  127.001156][T10686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  127.011449][T10686] Call Trace:
[  127.014861][T10686]  dump_stack+0x197/0x210
[  127.019185][T10686]  ? setup_udp_tunnel_sock+0x43d/0x520
[  127.024726][T10686]  print_address_description.constprop.0.cold+0xd4/0x30b
[  127.031751][T10686]  ? setup_udp_tunnel_sock+0x43d/0x520
[  127.037219][T10686]  ? setup_udp_tunnel_sock+0x43d/0x520
[  127.042675][T10686]  __kasan_report.cold+0x1b/0x41
[  127.047619][T10686]  ? trace_hardirqs_on+0x51/0x240
[  127.052645][T10686]  ? setup_udp_tunnel_sock+0x43d/0x520
[  127.058464][T10686]  kasan_report+0x12/0x20
[  127.062805][T10686]  __asan_report_store1_noabort+0x17/0x20
[  127.068541][T10686]  setup_udp_tunnel_sock+0x43d/0x520
[  127.073821][T10686]  gtp_encap_enable_socket+0x338/0x420
[  127.079400][T10686]  ? gtp_find_pdp_by_link+0x480/0x480
[  127.084875][T10686]  ? memset+0x32/0x40
[  127.088862][T10686]  ? gtp1_pdp_find.isra.0+0x180/0x180
[  127.094394][T10686]  ? __gtp_encap_destroy+0x1e0/0x1e0
[  127.099808][T10686]  ? alloc_netdev_mqs+0xa22/0xde0
[  127.104963][T10686]  gtp_newlink+0x95/0xc60
[  127.109306][T10686]  ? rtnl_create_link+0x192/0xab0
[  127.114331][T10686]  ? netlink_ns_capable+0x26/0x30
[  127.119590][T10686]  ? gtp_genl_get_pdp+0x5c0/0x5c0
[  127.124621][T10686]  __rtnl_newlink+0x109e/0x1790
[  127.129546][T10686]  ? rtnl_link_unregister+0x250/0x250
[  127.134925][T10686]  ? is_bpf_text_address+0xce/0x160
[  127.140127][T10686]  ? kernel_text_address+0x73/0xf0
[  127.145465][T10686]  ? unwind_get_return_address+0x61/0xa0
[  127.151088][T10686]  ? profile_setup.cold+0xbb/0xbb
[  127.156122][T10686]  ? arch_stack_walk+0x97/0xf0
[  127.161040][T10686]  ? stack_trace_save+0xac/0xe0
[  127.165955][T10686]  ? stack_trace_consume_entry+0x190/0x190
[  127.171884][T10686]  ? mark_lock+0xc2/0x1220
[  127.176350][T10686]  ? save_stack+0x5c/0x90
[  127.180751][T10686]  ? save_stack+0x23/0x90
[  127.185127][T10686]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[  127.190932][T10686]  ? kasan_kmalloc+0x9/0x10
[  127.195423][T10686]  ? kmem_cache_alloc_trace+0x158/0x790
[  127.201001][T10686]  ? rtnl_newlink+0x4b/0xa0
[  127.205626][T10686]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  127.211179][T10686]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  127.217184][T10686]  rtnl_newlink+0x69/0xa0
[  127.221514][T10686]  ? __rtnl_newlink+0x1790/0x1790
[  127.226622][T10686]  rtnetlink_rcv_msg+0x45e/0xaf0
[  127.231764][T10686]  ? rtnl_bridge_getlink+0x910/0x910
[  127.237071][T10686]  ? lock_downgrade+0x920/0x920
[  127.241962][T10686]  ? netlink_deliver_tap+0x228/0xbe0
[  127.247260][T10686]  ? find_held_lock+0x35/0x130
[  127.252239][T10686]  netlink_rcv_skb+0x177/0x450
[  127.256996][T10686]  ? rtnl_bridge_getlink+0x910/0x910
[  127.262340][T10686]  ? netlink_ack+0xb50/0xb50
[  127.267148][T10686]  ? __kasan_check_read+0x11/0x20
[  127.272172][T10686]  ? netlink_deliver_tap+0x24a/0xbe0
[  127.277467][T10686]  rtnetlink_rcv+0x1d/0x30
[  127.282041][T10686]  netlink_unicast+0x58c/0x7d0
[  127.286919][T10686]  ? netlink_attachskb+0x870/0x870
[  127.292032][T10686]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  127.298286][T10686]  netlink_sendmsg+0x91c/0xea0
[  127.303354][T10686]  ? netlink_unicast+0x7d0/0x7d0
[  127.308386][T10686]  ? tomoyo_socket_sendmsg+0x26/0x30
[  127.313723][T10686]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  127.319969][T10686]  ? security_socket_sendmsg+0x8d/0xc0
[  127.325669][T10686]  ? netlink_unicast+0x7d0/0x7d0
[  127.330602][T10686]  sock_sendmsg+0xd7/0x130
[  127.335021][T10686]  ____sys_sendmsg+0x753/0x880
[  127.339851][T10686]  ? kernel_sendmsg+0x50/0x50
[  127.344710][T10686]  ? mark_held_locks+0xa4/0xf0
[  127.349484][T10686]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  127.355663][T10686]  ? __handle_mm_fault+0x3145/0x3cc0
[  127.361062][T10686]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  127.367372][T10686]  ___sys_sendmsg+0x100/0x170
[  127.372073][T10686]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  127.378282][T10686]  ? sendmsg_copy_msghdr+0x70/0x70
[  127.383529][T10686]  ? __do_page_fault+0x56a/0xd80
[  127.388526][T10686]  ? find_held_lock+0x35/0x130
[  127.393292][T10686]  ? __do_page_fault+0x56a/0xd80
[  127.398355][T10686]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  127.404713][T10686]  ? __fget_light+0x1a9/0x230
[  127.409452][T10686]  ? __fdget+0x1b/0x20
[  127.413523][T10686]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  127.419979][T10686]  __sys_sendmsg+0x105/0x1d0
[  127.424584][T10686]  ? __sys_sendmsg_sock+0xc0/0xc0
[  127.429614][T10686]  ? down_read_non_owner+0x490/0x490
[  127.434942][T10686]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  127.440546][T10686]  ? do_syscall_64+0x26/0x790
[  127.445344][T10686]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  127.451539][T10686]  ? do_syscall_64+0x26/0x790
[  127.456291][T10686]  __x64_sys_sendmsg+0x78/0xb0
[  127.461159][T10686]  do_syscall_64+0xfa/0x790
[  127.465769][T10686]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  127.471659][T10686] RIP: 0033:0x4402b9
[  127.475644][T10686] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  127.495332][T10686] RSP: 002b:00007ffc780292f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  127.503838][T10686] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402b9
[  127.511867][T10686] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  127.520001][T10686] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[  127.527988][T10686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b40
[  127.535967][T10686] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000
[  127.544063][T10686] 
[  127.546388][T10686] Allocated by task 10686:
[  127.550804][T10686]  save_stack+0x23/0x90
[  127.555019][T10686]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  127.560751][T10686]  kasan_slab_alloc+0xf/0x20
[  127.565448][T10686]  kmem_cache_alloc+0x121/0x710
[  127.570353][T10686]  sk_prot_alloc+0x67/0x310
[  127.575047][T10686]  sk_alloc+0x39/0xfd0
[  127.579175][T10686]  inet_create+0x363/0xdf0
[  127.583645][T10686]  __sock_create+0x3ce/0x730
[  127.588248][T10686]  __sys_socket+0x103/0x220
[  127.592743][T10686]  __x64_sys_socket+0x73/0xb0
[  127.597486][T10686]  do_syscall_64+0xfa/0x790
[  127.602119][T10686]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  127.608001][T10686] 
[  127.610334][T10686] Freed by task 0:
[  127.614045][T10686] (stack is not available)
[  127.618454][T10686] 
[  127.620774][T10686] The buggy address belongs to the object at ffff8880a4952040
[  127.620774][T10686]  which belongs to the cache RAW of size 1360
[  127.634322][T10686] The buggy address is located 0 bytes to the right of
[  127.634322][T10686]  1360-byte region [ffff8880a4952040, ffff8880a4952590)
[  127.648144][T10686] The buggy address belongs to the page:
[  127.654002][T10686] page:ffffea0002925480 refcount:1 mapcount:0 mapping:ffff88821a8abe00 index:0x0 compound_mapcount: 0
[  127.665391][T10686] raw: 00fffe0000010200 ffff8880a4d7a348 ffff8880a4d7a348 ffff88821a8abe00
[  127.674007][T10686] raw: 0000000000000000 ffff8880a4952040 0000000100000005 0000000000000000
[  127.682583][T10686] page dumped because: kasan: bad access detected
[  127.688989][T10686] 
[  127.688994][T10686] Memory state around the buggy address:
[  127.689008][T10686]  ffff8880a4952480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  127.689019][T10686]  ffff8880a4952500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  127.689029][T10686] >ffff8880a4952580: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  127.689035][T10686]                          ^
[  127.689045][T10686]  ffff8880a4952600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  127.689056][T10686]  ffff8880a4952680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  127.689061][T10686] ==================================================================
[  127.689065][T10686] Disabling lock debugging due to kernel taint
[  127.760213][T10686] Kernel panic - not syncing: panic_on_warn set ...
[  127.766856][T10686] CPU: 0 PID: 10686 Comm: syz-executor502 Tainted: G    B             5.5.0-rc7-syzkaller #0
[  127.777025][T10686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  127.787104][T10686] Call Trace:
[  127.790444][T10686]  dump_stack+0x197/0x210
[  127.794764][T10686]  panic+0x2e3/0x75c
[  127.798653][T10686]  ? add_taint.cold+0x16/0x16
[  127.803413][T10686]  ? setup_udp_tunnel_sock+0x43d/0x520
[  127.809108][T10686]  ? preempt_schedule+0x4b/0x60
[  127.814059][T10686]  ? ___preempt_schedule+0x16/0x18
[  127.819187][T10686]  ? trace_hardirqs_on+0x5e/0x240
[  127.824265][T10686]  ? setup_udp_tunnel_sock+0x43d/0x520
[  127.830056][T10686]  end_report+0x47/0x4f
[  127.834253][T10686]  ? setup_udp_tunnel_sock+0x43d/0x520
[  127.839775][T10686]  __kasan_report.cold+0xe/0x41
[  127.844917][T10686]  ? trace_hardirqs_on+0x51/0x240
[  127.849932][T10686]  ? setup_udp_tunnel_sock+0x43d/0x520
[  127.855390][T10686]  kasan_report+0x12/0x20
[  127.859861][T10686]  __asan_report_store1_noabort+0x17/0x20
[  127.865620][T10686]  setup_udp_tunnel_sock+0x43d/0x520
[  127.870949][T10686]  gtp_encap_enable_socket+0x338/0x420
[  127.876422][T10686]  ? gtp_find_pdp_by_link+0x480/0x480
[  127.881799][T10686]  ? memset+0x32/0x40
[  127.885776][T10686]  ? gtp1_pdp_find.isra.0+0x180/0x180
[  127.891250][T10686]  ? __gtp_encap_destroy+0x1e0/0x1e0
[  127.896709][T10686]  ? alloc_netdev_mqs+0xa22/0xde0
[  127.901745][T10686]  gtp_newlink+0x95/0xc60
[  127.906080][T10686]  ? rtnl_create_link+0x192/0xab0
[  127.911112][T10686]  ? netlink_ns_capable+0x26/0x30
[  127.916282][T10686]  ? gtp_genl_get_pdp+0x5c0/0x5c0
[  127.921317][T10686]  __rtnl_newlink+0x109e/0x1790
[  127.926159][T10686]  ? rtnl_link_unregister+0x250/0x250
[  127.931641][T10686]  ? is_bpf_text_address+0xce/0x160
[  127.936889][T10686]  ? kernel_text_address+0x73/0xf0
[  127.942132][T10686]  ? unwind_get_return_address+0x61/0xa0
[  127.947767][T10686]  ? profile_setup.cold+0xbb/0xbb
[  127.952781][T10686]  ? arch_stack_walk+0x97/0xf0
[  127.957544][T10686]  ? stack_trace_save+0xac/0xe0
[  127.962378][T10686]  ? stack_trace_consume_entry+0x190/0x190
[  127.968197][T10686]  ? mark_lock+0xc2/0x1220
[  127.972693][T10686]  ? save_stack+0x5c/0x90
[  127.977111][T10686]  ? save_stack+0x23/0x90
[  127.981491][T10686]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[  127.987423][T10686]  ? kasan_kmalloc+0x9/0x10
[  127.991924][T10686]  ? kmem_cache_alloc_trace+0x158/0x790
[  127.997474][T10686]  ? rtnl_newlink+0x4b/0xa0
[  128.001981][T10686]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  128.007578][T10686]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  128.013721][T10686]  rtnl_newlink+0x69/0xa0
[  128.018033][T10686]  ? __rtnl_newlink+0x1790/0x1790
[  128.023250][T10686]  rtnetlink_rcv_msg+0x45e/0xaf0
[  128.028192][T10686]  ? rtnl_bridge_getlink+0x910/0x910
[  128.033474][T10686]  ? lock_downgrade+0x920/0x920
[  128.038333][T10686]  ? netlink_deliver_tap+0x228/0xbe0
[  128.043644][T10686]  ? find_held_lock+0x35/0x130
[  128.048514][T10686]  netlink_rcv_skb+0x177/0x450
[  128.053331][T10686]  ? rtnl_bridge_getlink+0x910/0x910
[  128.058752][T10686]  ? netlink_ack+0xb50/0xb50
[  128.063341][T10686]  ? __kasan_check_read+0x11/0x20
[  128.068414][T10686]  ? netlink_deliver_tap+0x24a/0xbe0
[  128.073818][T10686]  rtnetlink_rcv+0x1d/0x30
[  128.078220][T10686]  netlink_unicast+0x58c/0x7d0
[  128.083044][T10686]  ? netlink_attachskb+0x870/0x870
[  128.088156][T10686]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  128.094445][T10686]  netlink_sendmsg+0x91c/0xea0
[  128.099680][T10686]  ? netlink_unicast+0x7d0/0x7d0
[  128.104644][T10686]  ? tomoyo_socket_sendmsg+0x26/0x30
[  128.109985][T10686]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  128.116228][T10686]  ? security_socket_sendmsg+0x8d/0xc0
[  128.121684][T10686]  ? netlink_unicast+0x7d0/0x7d0
[  128.126872][T10686]  sock_sendmsg+0xd7/0x130
[  128.132850][T10686]  ____sys_sendmsg+0x753/0x880
[  128.137634][T10686]  ? kernel_sendmsg+0x50/0x50
[  128.142355][T10686]  ? mark_held_locks+0xa4/0xf0
[  128.147246][T10686]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  128.153500][T10686]  ? __handle_mm_fault+0x3145/0x3cc0
[  128.158805][T10686]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  128.164917][T10686]  ___sys_sendmsg+0x100/0x170
[  128.169596][T10686]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  128.175573][T10686]  ? sendmsg_copy_msghdr+0x70/0x70
[  128.180697][T10686]  ? __do_page_fault+0x56a/0xd80
[  128.185696][T10686]  ? find_held_lock+0x35/0x130
[  128.190463][T10686]  ? __do_page_fault+0x56a/0xd80
[  128.195408][T10686]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  128.201647][T10686]  ? __fget_light+0x1a9/0x230
[  128.206464][T10686]  ? __fdget+0x1b/0x20
[  128.210533][T10686]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  128.216776][T10686]  __sys_sendmsg+0x105/0x1d0
[  128.221362][T10686]  ? __sys_sendmsg_sock+0xc0/0xc0
[  128.226384][T10686]  ? down_read_non_owner+0x490/0x490
[  128.231770][T10686]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  128.237213][T10686]  ? do_syscall_64+0x26/0x790
[  128.241890][T10686]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  128.247941][T10686]  ? do_syscall_64+0x26/0x790
[  128.252719][T10686]  __x64_sys_sendmsg+0x78/0xb0
[  128.257616][T10686]  do_syscall_64+0xfa/0x790
[  128.262123][T10686]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  128.268094][T10686] RIP: 0033:0x4402b9
[  128.271992][T10686] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  128.291863][T10686] RSP: 002b:00007ffc780292f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  128.300275][T10686] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402b9
[  128.308353][T10686] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  128.316549][T10686] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[  128.324519][T10686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b40
[  128.332691][T10686] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000
[  128.342380][T10686] Kernel Offset: disabled
[  128.346716][T10686] Rebooting in 86400 seconds..