[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program

syzkaller login: [ 511.282231][ T7024] ==================================================================
[ 511.282350][ T7024] BUG: KASAN: use-after-free in con_shutdown+0x7f/0x90
[ 511.282362][ T7024] Write of size 8 at addr ffff888094057108 by task syz-executor779/7024
[ 511.282365][ T7024]
[ 511.282379][ T7024] CPU: 1 PID: 7024 Comm: syz-executor779 Not tainted 5.6.0-rc7-syzkaller #0
[ 511.282385][ T7024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 511.282390][ T7024] Call Trace:
[ 511.282464][ T7024]  dump_stack+0x188/0x20d
[ 511.282478][ T7024]  ? con_shutdown+0x7f/0x90
[ 511.282492][ T7024]  ? con_shutdown+0x7f/0x90
[ 511.282550][ T7024]  print_address_description.constprop.0.cold+0xd3/0x315
[ 511.282562][ T7024]  ? con_shutdown+0x7f/0x90
[ 511.282576][ T7024]  ? con_shutdown+0x7f/0x90
[ 511.282588][ T7024]  __kasan_report.cold+0x1a/0x32
[ 511.282606][ T7024]  ? con_shutdown+0x7f/0x90
[ 511.282624][ T7024]  kasan_report+0xe/0x20
[ 511.282637][ T7024]  con_shutdown+0x7f/0x90
[ 511.282648][ T7024]  ? update_region+0x140/0x140
[ 511.282683][ T7024]  release_tty+0xca/0x450
[ 511.282700][ T7024]  tty_release_struct+0x37/0x50
[ 511.282713][ T7024]  tty_release+0xbc7/0xe90
[ 511.282740][ T7024]  ? do_tty_hangup+0x30/0x30
[ 511.282786][ T7024]  __fput+0x2da/0x850
[ 511.282839][ T7024]  task_work_run+0x13f/0x1b0
[ 511.282902][ T7024]  do_exit+0xb34/0x2dd0
[ 511.282935][ T7024]  ? mm_update_next_owner+0x7a0/0x7a0
[ 511.282983][ T7024]  ? up_read+0x1ab/0x750
[ 511.282998][ T7024]  ? mark_held_locks+0x9f/0xe0
[ 511.283013][ T7024]  ? down_read_non_owner+0x470/0x470
[ 511.283067][ T7024]  ? handle_mm_fault+0x491/0xa10
[ 511.283089][ T7024]  do_group_exit+0x125/0x340
[ 511.283108][ T7024]  __x64_sys_exit_group+0x3a/0x50
[ 511.283130][ T7024]  do_syscall_64+0xf6/0x7d0
[ 511.283204][ T7024]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 511.283215][ T7024] RIP: 0033:0x43ff38
[ 511.283229][ T7024] Code: 00 00 be 3c 00 00 00 eb 19 66 0f 1f 84 00 00 00 00 00 48 89 d7 89 f0 0f 05 48 3d 00 f0 ff ff 77 21 f4 48 89 d7 44 89 c0 0f 05 <48> 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 0f 1f 84 00 00 00
[ 511.283242][ T7024] RSP: 002b:00007ffcf94d9a58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 511.283254][ T7024] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ff38
[ 511.283262][ T7024] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 511.283270][ T7024] RBP: 00000000004bf950 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 511.283278][ T7024] R10: 0000000000000064 R11: 0000000000000246 R12: 0000000000000001
[ 511.283286][ T7024] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 511.283315][ T7024]
[ 511.283322][ T7024] Allocated by task 7024:
[ 511.283335][ T7024]  save_stack+0x1b/0x80
[ 511.283348][ T7024]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 511.283359][ T7024]  kmem_cache_alloc_trace+0x153/0x7d0
[ 511.283388][ T7024]  vc_allocate+0x1e2/0x6e0
[ 511.283397][ T7024]  con_install+0x4f/0x400
[ 511.283406][ T7024]  tty_init_dev+0xf5/0x460
[ 511.283416][ T7024]  tty_open+0x47f/0xb30
[ 511.283427][ T7024]  chrdev_open+0x219/0x5c0
[ 511.283438][ T7024]  do_dentry_open+0x4a2/0x1250
[ 511.283449][ T7024]  path_openat+0x122a/0x32b0
[ 511.283480][ T7024]  do_filp_open+0x192/0x260
[ 511.283491][ T7024]  do_sys_openat2+0x54c/0x740
[ 511.283502][ T7024]  do_sys_open+0xc3/0x140
[ 511.283513][ T7024]  do_syscall_64+0xf6/0x7d0
[ 511.283524][ T7024]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 511.283527][ T7024]
[ 511.283533][ T7024] Freed by task 7026:
[ 511.283544][ T7024]  save_stack+0x1b/0x80
[ 511.283555][ T7024]  __kasan_slab_free+0xf7/0x140
[ 511.283565][ T7024]  kfree+0x109/0x2b0
[ 511.283577][ T7024]  vt_disallocate_all+0x293/0x3b0
[ 511.283588][ T7024]  vt_ioctl+0xb79/0x2470
[ 511.283598][ T7024]  tty_ioctl+0xedd/0x1440
[ 511.283610][ T7024]  ksys_ioctl+0x11a/0x180
[ 511.283622][ T7024]  __x64_sys_ioctl+0x6f/0xb0
[ 511.283633][ T7024]  do_syscall_64+0xf6/0x7d0
[ 511.283645][ T7024]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 511.283648][ T7024]
[ 511.283701][ T7024] The buggy address belongs to the object at ffff888094057000
[ 511.283701][ T7024]  which belongs to the cache kmalloc-2k of size 2048
[ 511.283714][ T7024] The buggy address is located 264 bytes inside of
[ 511.283714][ T7024]  2048-byte region [ffff888094057000, ffff888094057800)
[ 511.283717][ T7024] The buggy address belongs to the page:
[ 511.283725][ T7024] page:ffffea00025015c0 refcount:1 mapcount:0 mapping:ffff8880aa000e00 index:0x0
[ 511.283733][ T7024] flags: 0xfffe0000000200(slab)
[ 511.283747][ T7024] raw: 00fffe0000000200 ffffea00029fc448 ffffea0002873cc8 ffff8880aa000e00
[ 511.283761][ T7024] raw: 0000000000000000 ffff888094057000 0000000100000001 0000000000000000
[ 511.283766][ T7024] page dumped because: kasan: bad access detected
[ 511.283770][ T7024]
[ 511.283774][ T7024] Memory state around the buggy address:
[ 511.283784][ T7024]  ffff888094057000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 511.283793][ T7024]  ffff888094057080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 511.283802][ T7024] >ffff888094057100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 511.283806][ T7024]                                            ^
[ 511.283815][ T7024]  ffff888094057180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 511.283824][ T7024]  ffff888094057200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 511.283828][ T7024] ==================================================================
[ 511.283832][ T7024] Disabling lock debugging due to kernel taint
[ 511.283839][ T7024] Kernel panic - not syncing: panic_on_warn set ...
[ 511.283852][ T7024] CPU: 1 PID: 7024 Comm: syz-executor779 Tainted: G    B             5.6.0-rc7-syzkaller #0
[ 511.283858][ T7024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 511.283861][ T7024] Call Trace:
[ 511.283879][ T7024]  dump_stack+0x188/0x20d
[ 511.283894][ T7024]  panic+0x2e3/0x75c
[ 511.283906][ T7024]  ? add_taint.cold+0x16/0x16
[ 511.283925][ T7024]  ? print_shadow_for_address+0xb8/0x114
[ 511.283986][ T7024]  ? trace_hardirqs_on+0x55/0x220
[ 511.284000][ T7024]  ? con_shutdown+0x7f/0x90
[ 511.284012][ T7024]  end_report+0x43/0x49
[ 511.284022][ T7024]  ? con_shutdown+0x7f/0x90
[ 511.284032][ T7024]  __kasan_report.cold+0xd/0x32
[ 511.284042][ T7024]  ? con_shutdown+0x7f/0x90
[ 511.284055][ T7024]  kasan_report+0xe/0x20
[ 511.284066][ T7024]  con_shutdown+0x7f/0x90
[ 511.284076][ T7024]  ? update_region+0x140/0x140
[ 511.284086][ T7024]  release_tty+0xca/0x450
[ 511.284099][ T7024]  tty_release_struct+0x37/0x50
[ 511.284110][ T7024]  tty_release+0xbc7/0xe90
[ 511.284126][ T7024]  ? do_tty_hangup+0x30/0x30
[ 511.284135][ T7024]  __fput+0x2da/0x850
[ 511.284151][ T7024]  task_work_run+0x13f/0x1b0
[ 511.284169][ T7024]  do_exit+0xb34/0x2dd0
[ 511.284197][ T7024]  ? mm_update_next_owner+0x7a0/0x7a0
[ 511.284214][ T7024]  ? up_read+0x1ab/0x750
[ 511.284227][ T7024]  ? mark_held_locks+0x9f/0xe0
[ 511.284240][ T7024]  ? down_read_non_owner+0x470/0x470
[ 511.284256][ T7024]  ? handle_mm_fault+0x491/0xa10
[ 511.284271][ T7024]  do_group_exit+0x125/0x340
[ 511.284285][ T7024]  __x64_sys_exit_group+0x3a/0x50
[ 511.284299][ T7024]  do_syscall_64+0xf6/0x7d0
[ 511.284314][ T7024]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 511.284322][ T7024] RIP: 0033:0x43ff38
[ 511.284332][ T7024] Code: 00 00 be 3c 00 00 00 eb 19 66 0f 1f 84 00 00 00 00 00 48 89 d7 89 f0 0f 05 48 3d 00 f0 ff ff 77 21 f4 48 89 d7 44 89 c0 0f 05 <48> 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 0f 1f 84 00 00 00
[ 511.284338][ T7024] RSP: 002b:00007ffcf94d9a58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 511.284349][ T7024] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ff38
[ 511.284356][ T7024] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 511.284363][ T7024] RBP: 00000000004bf950 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 511.284370][ T7024] R10: 0000000000000064 R11: 0000000000000246 R12: 0000000000000001
[ 511.284377][ T7024] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 511.286027][ T7024] Kernel Offset: disabled