[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts. 2020/09/20 13:32:16 fuzzer started 2020/09/20 13:32:17 connecting to host at 10.128.0.105:36753 2020/09/20 13:32:17 checking machine... 2020/09/20 13:32:17 checking revisions... 2020/09/20 13:32:17 testing simple program... syzkaller login: [ 36.462030] audit: type=1400 audit(1600608737.332:8): avc: denied { execmem } for pid=6377 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 36.517723] IPVS: ftp: loaded support on port[0] = 21 2020/09/20 13:32:17 building call list... [ 37.109884] ================================================================================ [ 37.118601] UBSAN: Undefined behaviour in ./include/crypto/hash.h:686:9 [ 37.125341] member access within null pointer of type 'struct crypto_shash' [ 37.132431] CPU: 0 PID: 22 Comm: kworker/u4:1 Not tainted 4.14.198-syzkaller #0 [ 37.139865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.149215] Workqueue: netns cleanup_net [ 37.153276] Call Trace: [ 37.155855] dump_stack+0x21b/0x32e [ 37.159475] ? dma_virt_alloc+0x82/0x82 [ 37.163441] ? ubsan_prologue+0x29/0x50 [ 37.167412] ubsan_epilogue+0xe/0x3a [ 37.171115] handle_null_ptr_deref+0x78/0x80 [ 37.175517] __ubsan_handle_type_mismatch_v1+0x81/0xb0 [ 37.180791] sctp_destruct_sock+0x70/0x80 [ 37.184929] ? sctp_accept+0x730/0x730 [ 37.188808] __sk_destruct+0x93/0x8e0 [ 37.192602] ? proto_unregister+0x5e0/0x5e0 [ 37.196916] ? mark_held_locks+0xc4/0x120 [ 37.201061] __sk_free+0xf4/0x370 [ 37.204507] sk_free+0x30/0x50 [ 37.207693] sctp_close+0x667/0x940 [ 37.211317] ? sctp_init_sock+0x1430/0x1430 [ 37.215628] ? do_raw_spin_unlock+0x1e0/0x310 [ 37.220119] ? ip_mc_drop_socket+0x16/0x270 [ 37.224521] inet_release+0xfe/0x230 [ 37.228327] inet6_release+0x51/0x80 [ 37.232033] __sock_release+0x236/0x330 [ 37.236002] sctp_ctrlsock_exit+0x67/0x90 [ 37.240142] ops_exit_list+0x9a/0x190 [ 37.243933] cleanup_net+0x4a3/0xd30 [ 37.247639] ? net_drop_ns+0x90/0x90 [ 37.251358] process_one_work+0x7ac/0x1890 [ 37.255592] ? pwq_dec_nr_in_flight+0x360/0x360 [ 37.260256] ? lock_acquire+0x197/0x510 [ 37.264212] ? rwlock_bug.part.0+0xe0/0xe0 [ 37.268427] ? worker_thread+0x1e0/0x1330 [ 37.272558] worker_thread+0x6c1/0x1330 [ 37.276518] ? process_one_work+0x1890/0x1890 [ 37.280994] ? process_one_work+0x1890/0x1890 [ 37.285469] kthread+0x35e/0x530 [ 37.288813] ? kthread_create_on_node+0xd0/0xd0 [ 37.293463] ret_from_fork+0x24/0x30 [ 37.297180] ================================================================================ [ 37.590202] can: request_module (can-proto-0) failed. [ 37.601988] can: request_module (can-proto-0) failed. [ 37.612976] can: request_module (can-proto-0) failed. [ 37.659458] audit: type=1400 audit(1600608738.533:9): avc: denied { create } for pid=6360 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1