[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.50' (ECDSA) to the list of known hosts.
2020/04/27 21:49:28 fuzzer started
2020/04/27 21:49:29 connecting to host at 10.128.0.26:40237
2020/04/27 21:49:29 checking machine...
2020/04/27 21:49:29 checking revisions...
2020/04/27 21:49:29 testing simple program...
syzkaller login: [ 57.591240][ T7041] IPVS: ftp: loaded support on port[0] = 21
2020/04/27 21:49:30 building call list...
[ 58.019760][ T6986] tipc: TX() has been purged, node left!
[ 59.166048][ T7029] can: request_module (can-proto-0) failed.
executing program
[ 61.184093][ T7029] can: request_module (can-proto-0) failed.
[ 61.195459][ T7029] can: request_module (can-proto-0) failed.
[ 61.639547][ T7029] ==================================================================
[ 61.647745][ T7029] BUG: KASAN: null-ptr-deref in x25_disconnect+0x253/0x370
[ 61.654920][ T7029] Write of size 4 at addr 00000000000000d8 by task syz-fuzzer/7029
[ 61.662780][ T7029]
[ 61.665108][ T7029] CPU: 0 PID: 7029 Comm: syz-fuzzer Not tainted 5.7.0-rc2-syzkaller #0
[ 61.673315][ T7029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.683364][ T7029] Call Trace:
[ 61.686639][ T7029] dump_stack+0x188/0x20d
[ 61.690964][ T7029] ? x25_disconnect+0x253/0x370
[ 61.695807][ T7029] ? __sock_release+0x280/0x280
[ 61.700641][ T7029] __kasan_report.cold+0x5/0x4d
[ 61.705474][ T7029] ? rcu_read_lock_held+0x1/0xb0
[ 61.710396][ T7029] ? x25_disconnect+0x253/0x370
[ 61.715227][ T7029] ? x25_disconnect+0x253/0x370
[ 61.720052][ T7029] kasan_report+0x33/0x50
[ 61.724360][ T7029] check_memory_region+0x141/0x190
[ 61.729472][ T7029] x25_disconnect+0x253/0x370
[ 61.734127][ T7029] x25_release+0x345/0x420
[ 61.738522][ T7029] __sock_release+0xcd/0x280
[ 61.743090][ T7029] sock_close+0x18/0x20
[ 61.747224][ T7029] __fput+0x33e/0x880
[ 61.751199][ T7029] task_work_run+0xf4/0x1b0
[ 61.755681][ T7029] exit_to_usermode_loop+0x2fa/0x360
[ 61.760958][ T7029] do_syscall_64+0x6b1/0x7d0
[ 61.765524][ T7029] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 61.771405][ T7029] RIP: 0033:0x4afb40
[ 61.775279][ T7029] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 61.794876][ T7029] RSP: 002b:000000c0001d94f8 EFLAGS: 00000216 ORIG_RAX: 0000000000000003
[ 61.803261][ T7029] RAX: 0000000000000000 RBX: 000000c00002e500 RCX: 00000000004afb40
[ 61.811208][ T7029] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 61.819162][ T7029] RBP: 000000c0001d9538 R08: 0000000000000000 R09: 0000000000000000
[ 61.827118][ T7029] R10: 0000000000000000 R11: 0000000000000216 R12: ffffffffffffffff
[ 61.835074][ T7029] R13: 0000000000000163 R14: 0000000000000162 R15: 0000000000000200
[ 61.843037][ T7029] ==================================================================
[ 61.851083][ T7029] Disabling lock debugging due to kernel taint
[ 61.857266][ T7029] Kernel panic - not syncing: panic_on_warn set ...
[ 61.863850][ T7029] CPU: 0 PID: 7029 Comm: syz-fuzzer Tainted: G B 5.7.0-rc2-syzkaller #0
[ 61.873463][ T7029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.883507][ T7029] Call Trace:
[ 61.886788][ T7029] dump_stack+0x188/0x20d
[ 61.891092][ T7029] ? __sock_release+0x280/0x280
[ 61.895928][ T7029] panic+0x2e3/0x75c
[ 61.899798][ T7029] ? add_taint.cold+0x16/0x16
[ 61.904464][ T7029] ? x25_disconnect+0x253/0x370
[ 61.909292][ T7029] ? trace_hardirqs_on+0x55/0x220
[ 61.914301][ T7029] ? x25_disconnect+0x253/0x370
[ 61.919123][ T7029] ? __sock_release+0x280/0x280
[ 61.923944][ T7029] end_report+0x4d/0x53
[ 61.928069][ T7029] __kasan_report.cold+0xd/0x4d
[ 61.932892][ T7029] ? rcu_read_lock_held+0x1/0xb0
[ 61.937800][ T7029] ? x25_disconnect+0x253/0x370
[ 61.942623][ T7029] ? x25_disconnect+0x253/0x370
[ 61.947444][ T7029] kasan_report+0x33/0x50
[ 61.951764][ T7029] check_memory_region+0x141/0x190
[ 61.956849][ T7029] x25_disconnect+0x253/0x370
[ 61.961500][ T7029] x25_release+0x345/0x420
[ 61.965905][ T7029] __sock_release+0xcd/0x280
[ 61.970467][ T7029] sock_close+0x18/0x20
[ 61.974598][ T7029] __fput+0x33e/0x880
[ 61.978551][ T7029] task_work_run+0xf4/0x1b0
[ 61.983032][ T7029] exit_to_usermode_loop+0x2fa/0x360
[ 61.988289][ T7029] do_syscall_64+0x6b1/0x7d0
[ 61.992869][ T7029] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 61.998749][ T7029] RIP: 0033:0x4afb40
[ 62.002618][ T7029] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 62.022200][ T7029] RSP: 002b:000000c0001d94f8 EFLAGS: 00000216 ORIG_RAX: 0000000000000003
[ 62.030592][ T7029] RAX: 0000000000000000 RBX: 000000c00002e500 RCX: 00000000004afb40
[ 62.038539][ T7029] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 62.046483][ T7029] RBP: 000000c0001d9538 R08: 0000000000000000 R09: 0000000000000000
[ 62.054427][ T7029] R10: 0000000000000000 R11: 0000000000000216 R12: ffffffffffffffff
[ 62.062370][ T7029] R13: 0000000000000163 R14: 0000000000000162 R15: 0000000000000200
[ 62.071506][ T7029] Kernel Offset: disabled
[ 62.075936][ T7029] Rebooting in 86400 seconds..
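The report above is a raw console log. As an added triage example (not part of the syzbot report, the syzkaller tool or the kernel tree), the following Python script parses the first KASAN report out of such a log and extracts what a triager reads first: the bug class and function from the "BUG:" line, the access ("Write of size 4 at addr 00000000000000d8"), the backtrace with the "? " stack-scan guesses dropped, and the syscall that was in progress, decoded from ORIG_RAX (3 is close on x86_64, matching the sock_close path in the trace). The sample input is an excerpt of the log above with some lines omitted; the syscall table is a hand-picked subset of the x86_64 table, and the PAGE_SIZE threshold is the one KASAN uses to label an access below it as "null-ptr-deref", so the reported address is the field offset into the NULL struct pointer.

```python
"""Triage helper for a syzkaller/KASAN console log: bug class, faulting access,
reliable backtrace and the in-flight syscall (added example, not syzkaller code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Subset of the x86_64 syscall table, enough to decode ORIG_RAX in this report.
X86_64_SYSCALLS = {0: "read", 1: "write", 2: "open", 3: "close", 41: "socket",
                   42: "connect", 44: "sendto", 49: "bind", 59: "execve"}
# Frames pushed by the sanitizer/panic machinery, skipped when picking the culprit.
KASAN_FRAMES = {"dump_stack", "__kasan_report.cold", "kasan_report",
                "check_memory_region", "end_report", "panic"}
PAGE_SIZE = 4096  # KASAN reports an access below PAGE_SIZE as "null-ptr-deref"

PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")          # "[ 61.6][ T7029] "
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr "
                       r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
FRAME_RE = re.compile(r"^(?P<guess>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
ORIG_RAX_RE = re.compile(r"ORIG_RAX: (?P<nr>[0-9a-f]+)")


@dataclass
class KasanReport:
    kind: str                  # e.g. "null-ptr-deref"
    func: str                  # function named on the BUG: line
    op: str = ""               # "Read" or "Write"
    size: int = 0
    addr: int = 0
    task: str = ""
    pid: int = 0
    frames: List[str] = field(default_factory=list)  # reliable frames only, innermost first
    syscall_nr: Optional[int] = None

    @property
    def null_deref_offset(self) -> Optional[int]:
        """For a null-ptr-deref the address is the field offset inside the NULL struct."""
        return self.addr if self.addr < PAGE_SIZE else None

    @property
    def syscall(self) -> Optional[str]:
        if self.syscall_nr is None:
            return None
        return X86_64_SYSCALLS.get(self.syscall_nr, f"nr_{self.syscall_nr}")

    @property
    def culprit(self) -> Optional[str]:
        """Innermost reliable frame that is not sanitizer plumbing."""
        return next((f for f in self.frames if f not in KASAN_FRAMES), None)


def parse_kasan_report(console_log: str) -> Optional[KasanReport]:
    """Parse the first KASAN report; stop at its closing '====' rule so the
    follow-on panic trace is not mixed into the frames."""
    report = None
    for raw in console_log.splitlines():
        msg = PREFIX_RE.sub("", raw).strip()
        if report is None:
            if (m := BUG_RE.search(msg)):
                report = KasanReport(kind=m["kind"], func=m["func"])
            continue
        if msg and set(msg) == {"="}:
            break
        if (m := ACCESS_RE.search(msg)):
            report.op, report.size, report.addr = m["op"], int(m["size"]), int(m["addr"], 16)
            report.task, report.pid = m["task"], int(m["pid"])
        elif (m := FRAME_RE.match(msg)):
            if not m["guess"]:   # "? sym" entries come from stack scanning and may be stale
                report.frames.append(m["sym"])
        elif (m := ORIG_RAX_RE.search(msg)):
            report.syscall_nr = int(m["nr"], 16)
    return report


# Sample input: an excerpt of the console log above (some lines omitted).
SAMPLE_LOG = """\
[ 61.639547][ T7029] ==================================================================
[ 61.647745][ T7029] BUG: KASAN: null-ptr-deref in x25_disconnect+0x253/0x370
[ 61.654920][ T7029] Write of size 4 at addr 00000000000000d8 by task syz-fuzzer/7029
[ 61.662780][ T7029]
[ 61.683364][ T7029] Call Trace:
[ 61.686639][ T7029] dump_stack+0x188/0x20d
[ 61.690964][ T7029] ? x25_disconnect+0x253/0x370
[ 61.700641][ T7029] __kasan_report.cold+0x5/0x4d
[ 61.720052][ T7029] kasan_report+0x33/0x50
[ 61.724360][ T7029] check_memory_region+0x141/0x190
[ 61.729472][ T7029] x25_disconnect+0x253/0x370
[ 61.734127][ T7029] x25_release+0x345/0x420
[ 61.738522][ T7029] __sock_release+0xcd/0x280
[ 61.743090][ T7029] sock_close+0x18/0x20
[ 61.747224][ T7029] __fput+0x33e/0x880
[ 61.755681][ T7029] exit_to_usermode_loop+0x2fa/0x360
[ 61.760958][ T7029] do_syscall_64+0x6b1/0x7d0
[ 61.765524][ T7029] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 61.794876][ T7029] RSP: 002b:000000c0001d94f8 EFLAGS: 00000216 ORIG_RAX: 0000000000000003
[ 61.843037][ T7029] ==================================================================
[ 61.857266][ T7029] Kernel panic - not syncing: panic_on_warn set ...
[ 61.895928][ T7029] panic+0x2e3/0x75c
"""

if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_LOG)
    print(f"{r.kind} in {r.func}: {r.op} of {r.size} bytes at {r.addr:#x} "
          f"(struct offset {r.null_deref_offset:#x}) by {r.task}/{r.pid} "
          f"during {r.syscall}(); culprit frame {r.culprit}")
```

Run on the excerpt it reports a 4-byte write at struct offset 0xd8 by syz-fuzzer/7029 during close(), with x25_disconnect as the culprit frame; the panic+0x2e3 frame after the closing rule is deliberately not counted, because it belongs to the second (panic_on_warn) trace rather than the sanitizer report.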