[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
2020/05/05 22:31:59 fuzzer started
2020/05/05 22:31:59 connecting to host at 10.128.0.26:46573
2020/05/05 22:31:59 checking machine...
2020/05/05 22:31:59 checking revisions...
2020/05/05 22:31:59 testing simple program...
syzkaller login: [ 54.235792][ T7051] IPVS: ftp: loaded support on port[0] = 21
2020/05/05 22:31:59 building call list...
[ 54.607683][ T6998] tipc: TX() has been purged, node left!
[ 55.888567][ T7035] can: request_module (can-proto-0) failed.
executing program
[ 57.812511][ T7035] can: request_module (can-proto-0) failed.
[ 57.824271][ T7035] can: request_module (can-proto-0) failed.
[ 58.306549][ T7035] ==================================================================
[ 58.314886][ T7035] BUG: KASAN: null-ptr-deref in x25_disconnect+0x253/0x370
[ 58.322069][ T7035] Write of size 4 at addr 00000000000000d8 by task syz-fuzzer/7035
[ 58.329932][ T7035]
[ 58.332254][ T7035] CPU: 0 PID: 7035 Comm: syz-fuzzer Not tainted 5.7.0-rc2-syzkaller #0
[ 58.340462][ T7035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.350503][ T7035] Call Trace:
[ 58.353785][ T7035]  dump_stack+0x188/0x20d
[ 58.358114][ T7035]  ? x25_disconnect+0x253/0x370
[ 58.362967][ T7035]  ? __sock_release+0x280/0x280
[ 58.367807][ T7035]  __kasan_report.cold+0x5/0x4d
[ 58.372643][ T7035]  ? rcu_read_lock_held+0x1/0xb0
[ 58.377563][ T7035]  ? x25_disconnect+0x253/0x370
[ 58.382391][ T7035]  ? x25_disconnect+0x253/0x370
[ 58.387217][ T7035]  kasan_report+0x33/0x50
[ 58.391523][ T7035]  check_memory_region+0x141/0x190
[ 58.396620][ T7035]  x25_disconnect+0x253/0x370
[ 58.401282][ T7035]  x25_release+0x345/0x420
[ 58.405677][ T7035]  __sock_release+0xcd/0x280
[ 58.410345][ T7035]  sock_close+0x18/0x20
[ 58.414476][ T7035]  __fput+0x33e/0x880
[ 58.418455][ T7035]  task_work_run+0xf4/0x1b0
[ 58.422952][ T7035]  exit_to_usermode_loop+0x2fa/0x360
[ 58.428223][ T7035]  do_syscall_64+0x6b1/0x7d0
[ 58.432788][ T7035]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 58.438665][ T7035] RIP: 0033:0x4afb40
[ 58.442549][ T7035] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 58.462183][ T7035] RSP: 002b:000000c0001bf478 EFLAGS: 00000212 ORIG_RAX: 0000000000000003
[ 58.470591][ T7035] RAX: 0000000000000000 RBX: 000000c00002e500 RCX: 00000000004afb40
[ 58.478565][ T7035] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 58.486530][ T7035] RBP: 000000c0001bf4b8 R08: 0000000000000000 R09: 0000000000000000
[ 58.494482][ T7035] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 58.502566][ T7035] R13: 0000000000000160 R14: 000000000000015f R15: 0000000000000200
[ 58.510534][ T7035] ==================================================================
[ 58.518587][ T7035] Disabling lock debugging due to kernel taint
[ 58.524771][ T7035] Kernel panic - not syncing: panic_on_warn set ...
[ 58.531352][ T7035] CPU: 0 PID: 7035 Comm: syz-fuzzer Tainted: G B 5.7.0-rc2-syzkaller #0
[ 58.540965][ T7035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.551353][ T7035] Call Trace:
[ 58.554624][ T7035]  dump_stack+0x188/0x20d
[ 58.558930][ T7035]  ? __sock_release+0x280/0x280
[ 58.563760][ T7035]  panic+0x2e3/0x75c
[ 58.567834][ T7035]  ? add_taint.cold+0x16/0x16
[ 58.572495][ T7035]  ? x25_disconnect+0x253/0x370
[ 58.577315][ T7035]  ? trace_hardirqs_on+0x55/0x220
[ 58.582318][ T7035]  ? x25_disconnect+0x253/0x370
[ 58.587154][ T7035]  ? __sock_release+0x280/0x280
[ 58.592004][ T7035]  end_report+0x4d/0x53
[ 58.596147][ T7035]  __kasan_report.cold+0xd/0x4d
[ 58.600995][ T7035]  ? rcu_read_lock_held+0x1/0xb0
[ 58.605928][ T7035]  ? x25_disconnect+0x253/0x370
[ 58.610766][ T7035]  ? x25_disconnect+0x253/0x370
[ 58.615597][ T7035]  kasan_report+0x33/0x50
[ 58.619900][ T7035]  check_memory_region+0x141/0x190
[ 58.624983][ T7035]  x25_disconnect+0x253/0x370
[ 58.629632][ T7035]  x25_release+0x345/0x420
[ 58.634020][ T7035]  __sock_release+0xcd/0x280
[ 58.638581][ T7035]  sock_close+0x18/0x20
[ 58.642720][ T7035]  __fput+0x33e/0x880
[ 58.646675][ T7035]  task_work_run+0xf4/0x1b0
[ 58.651169][ T7035]  exit_to_usermode_loop+0x2fa/0x360
[ 58.656442][ T7035]  do_syscall_64+0x6b1/0x7d0
[ 58.661016][ T7035]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 58.666878][ T7035] RIP: 0033:0x4afb40
[ 58.670743][ T7035] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 58.690318][ T7035] RSP: 002b:000000c0001bf478 EFLAGS: 00000212 ORIG_RAX: 0000000000000003
[ 58.698708][ T7035] RAX: 0000000000000000 RBX: 000000c00002e500 RCX: 00000000004afb40
[ 58.706659][ T7035] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 58.714601][ T7035] RBP: 000000c0001bf4b8 R08: 0000000000000000 R09: 0000000000000000
[ 58.722543][ T7035] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 58.730485][ T7035] R13: 0000000000000160 R14: 000000000000015f R15: 0000000000000200
[ 58.739776][ T7035] Kernel Offset: disabled
[ 58.744125][ T7035] Rebooting in 86400 seconds..