[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started OpenBSD Secure Shell server.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   77.948347][ T8415] ==================================================================
[   77.952299][ T8418] ------------[ cut here ]------------
[   77.956470][ T8415] BUG: KASAN: use-after-free in __lock_acquire+0x3e6f/0x54c0
[   77.956527][ T8415] Read of size 8 at addr ffff88801aae8468 by task syz-executor440/8415
[   77.977827][ T8415]
[   77.980149][ T8415] CPU: 1 PID: 8415 Comm: syz-executor440 Not tainted 5.12.0-rc7-syzkaller #0
[   77.988893][ T8415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   77.999935][ T8415] Call Trace:
[   78.003520][ T8415]  dump_stack+0x141/0x1d7
[   78.008609][ T8415]  ? __lock_acquire+0x3e6f/0x54c0
[   78.013655][ T8415]  print_address_description.constprop.0.cold+0x5b/0x2f8
[   78.020678][ T8415]  ? __lock_acquire+0x3e6f/0x54c0
[   78.025702][ T8415]  ? __lock_acquire+0x3e6f/0x54c0
[   78.030821][ T8415]  kasan_report.cold+0x7c/0xd8
[   78.035577][ T8415]  ? __lock_acquire+0x15d0/0x54c0
[   78.040600][ T8415]  ? __lock_acquire+0x3e6f/0x54c0
[   78.045700][ T8415]  __lock_acquire+0x3e6f/0x54c0
[   78.050543][ T8415]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   78.056511][ T8415]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   78.062587][ T8415]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   78.068584][ T8415]  lock_acquire+0x1ab/0x740
[   78.073079][ T8415]  ? nfc_llcp_sock_unlink+0x1d/0x1c0
[   78.078364][ T8415]  ? lock_release+0x720/0x720
[   78.083046][ T8415]  ? llcp_sock_release+0x1df/0x580
[   78.088149][ T8415]  ? mark_held_locks+0x9f/0xe0
[   78.092901][ T8415]  _raw_write_lock+0x2a/0x40
[   78.097932][ T8415]  ? nfc_llcp_sock_unlink+0x1d/0x1c0
[   78.103230][ T8415]  nfc_llcp_sock_unlink+0x1d/0x1c0
[   78.108633][ T8415]  llcp_sock_release+0x286/0x580
[   78.113697][ T8415]  __sock_release+0xcd/0x280
[   78.118286][ T8415]  sock_close+0x18/0x20
[   78.122427][ T8415]  __fput+0x288/0x920
[   78.126424][ T8415]  ? __sock_release+0x280/0x280
[   78.131371][ T8415]  task_work_run+0xdd/0x1a0
[   78.135884][ T8415]  do_exit+0xbfc/0x2a60
[   78.140055][ T8415]  ? find_held_lock+0x2d/0x110
[   78.144831][ T8415]  ? mm_update_next_owner+0x7a0/0x7a0
[   78.150214][ T8415]  ? get_signal+0x337/0x2150
[   78.155510][ T8415]  ? lock_downgrade+0x6e0/0x6e0
[   78.160398][ T8415]  do_group_exit+0x125/0x310
[   78.165179][ T8415]  get_signal+0x47f/0x2150
[   78.169727][ T8415]  ? sock_sendmsg+0x55/0x120
[   78.174354][ T8415]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   78.180716][ T8415]  ? __sys_sendto+0x245/0x320
[   78.185416][ T8415]  ? __ia32_sys_getpeername+0xb0/0xb0
[   78.190794][ T8415]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   78.196830][ T8415]  arch_do_signal_or_restart+0x2a8/0x1eb0
[   78.203892][ T8415]  ? copy_siginfo_to_user32+0xa0/0xa0
[   78.212692][ T8415]  ? __context_tracking_exit+0xb8/0xe0
[   78.218534][ T8415]  ? lock_downgrade+0x6e0/0x6e0
[   78.223410][ T8415]  exit_to_user_mode_prepare+0x148/0x250
[   78.229039][ T8415]  syscall_exit_to_user_mode+0x19/0x60
[   78.234500][ T8415]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   78.240391][ T8415] RIP: 0033:0x43fd79
[   78.244285][ T8415] Code: Unable to access opcode bytes at RIP 0x43fd4f.
[   78.251110][ T8415] RSP: 002b:00007ffcef9700c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   78.259518][ T8415] RAX: 0000000000000001 RBX: 00000000000f4240 RCX: 000000000043fd79
[   78.267476][ T8415] RDX: 0000000000000001 RSI: 0000000020000100 RDI: 0000000000000004
[   78.275544][ T8415] RBP: 0000000000000000 R08: 0000000020000180 R09: 0000000000000010
[   78.283681][ T8415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403550
[   78.291641][ T8415] R13: 0000000000000000 R14: 00007ffcef970100 R15: 00007ffcef9700f0
[   78.299633][ T8415]
[   78.301961][ T8415] Allocated by task 1:
[   78.306034][ T8415]  kasan_save_stack+0x1b/0x40
[   78.310736][ T8415]  __kasan_kmalloc+0x99/0xc0
[   78.315352][ T8415]  nfc_llcp_register_device+0x45/0x9d0
[   78.320833][ T8415]  nfc_register_device+0x6d/0x360
[   78.325846][ T8415]  nfcsim_device_new+0x345/0x5c1
[   78.330776][ T8415]  nfcsim_init+0x71/0x14d
[   78.335091][ T8415]  do_one_initcall+0x103/0x650
[   78.339844][ T8415]  kernel_init_freeable+0x63e/0x6c2
[   78.345040][ T8415]  kernel_init+0xd/0x1b8
[   78.349283][ T8415]  ret_from_fork+0x1f/0x30
[   78.353704][ T8415]
[   78.356020][ T8415] Freed by task 8409:
[   78.359987][ T8415]  kasan_save_stack+0x1b/0x40
[   78.364664][ T8415]  kasan_set_track+0x1c/0x30
[   78.369244][ T8415]  kasan_set_free_info+0x20/0x30
[   78.374171][ T8415]  __kasan_slab_free+0xf5/0x130
[   78.379097][ T8415]  slab_free_freelist_hook+0x92/0x210
[   78.384455][ T8415]  kfree+0xe5/0x7f0
[   78.388250][ T8415]  nfc_llcp_local_put+0x194/0x200
[   78.393263][ T8415]  llcp_sock_destruct+0x81/0x150
[   78.398209][ T8415]  __sk_destruct+0x4b/0x900
[   78.402719][ T8415]  sk_destruct+0xbd/0xe0
[   78.406972][ T8415]  __sk_free+0xef/0x3d0
[   78.411127][ T8415]  sk_free+0x78/0xa0
[   78.415011][ T8415]  llcp_sock_release+0x3c9/0x580
[   78.419944][ T8415]  __sock_release+0xcd/0x280
[   78.424522][ T8415]  sock_close+0x18/0x20
[   78.428669][ T8415]  __fput+0x288/0x920
[   78.432637][ T8415]  task_work_run+0xdd/0x1a0
[   78.437154][ T8415]  do_exit+0xbfc/0x2a60
[   78.441319][ T8415]  do_group_exit+0x125/0x310
[   78.445940][ T8415]  get_signal+0x47f/0x2150
[   78.450349][ T8415]  arch_do_signal_or_restart+0x2a8/0x1eb0
[   78.456065][ T8415]  exit_to_user_mode_prepare+0x148/0x250
[   78.461687][ T8415]  syscall_exit_to_user_mode+0x19/0x60
[   78.467135][ T8415]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   78.473018][ T8415]
[   78.475329][ T8415] The buggy address belongs to the object at ffff88801aae8000
[   78.475329][ T8415]  which belongs to the cache kmalloc-2k of size 2048
[   78.489367][ T8415] The buggy address is located 1128 bytes inside of
[   78.489367][ T8415]  2048-byte region [ffff88801aae8000, ffff88801aae8800)
[   78.502925][ T8415] The buggy address belongs to the page:
[   78.508553][ T8415] page:ffffea00006aba00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801aaec000 pfn:0x1aae8
[   78.520009][ T8415] head:ffffea00006aba00 order:3 compound_mapcount:0 compound_pincount:0
[   78.528334][ T8415] flags: 0xfff00000010200(slab|head)
[   78.533615][ T8415] raw: 00fff00000010200 ffffea00006d9008 ffffea000061c808 ffff888010842000
[   78.542358][ T8415] raw: ffff88801aaec000 0000000000080004 00000001ffffffff 0000000000000000
[   78.551024][ T8415] page dumped because: kasan: bad access detected
[   78.557420][ T8415]
[   78.559725][ T8415] Memory state around the buggy address:
[   78.565337][ T8415]  ffff88801aae8300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   78.573413][ T8415]  ffff88801aae8380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   78.581474][ T8415] >ffff88801aae8400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   78.589520][ T8415]                                                           ^
[   78.597056][ T8415]  ffff88801aae8480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   78.605151][ T8415]  ffff88801aae8500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   78.613220][ T8415] ==================================================================
[   78.621287][ T8415] Disabling lock debugging due to kernel taint
[   78.627418][ T8415] Kernel panic - not syncing: panic_on_warn set ...
[   78.634087][ T8415] CPU: 1 PID: 8415 Comm: syz-executor440 Tainted: G    B             5.12.0-rc7-syzkaller #0
[   78.644223][ T8415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   78.654263][ T8415] Call Trace:
[   78.657543][ T8415]  dump_stack+0x141/0x1d7
[   78.661869][ T8415]  panic+0x306/0x73d
[   78.665755][ T8415]  ? __warn_printk+0xf3/0xf3
[   78.670336][ T8415]  ? __lock_acquire+0x3e6f/0x54c0
[   78.675367][ T8415]  ? __lock_acquire+0x3e6f/0x54c0
[   78.680378][ T8415]  ? __lock_acquire+0x3e6f/0x54c0
[   78.685389][ T8415]  end_report.cold+0x5a/0x5a
[   78.689967][ T8415]  kasan_report.cold+0x6a/0xd8
[   78.694718][ T8415]  ? __lock_acquire+0x15d0/0x54c0
[   78.699743][ T8415]  ? __lock_acquire+0x3e6f/0x54c0
[   78.704758][ T8415]  __lock_acquire+0x3e6f/0x54c0
[   78.709604][ T8415]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   78.715939][ T8415]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   78.721911][ T8415]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   78.727881][ T8415]  lock_acquire+0x1ab/0x740
[   78.732373][ T8415]  ? nfc_llcp_sock_unlink+0x1d/0x1c0
[   78.737650][ T8415]  ? lock_release+0x720/0x720
[   78.742326][ T8415]  ? llcp_sock_release+0x1df/0x580
[   78.747950][ T8415]  ? mark_held_locks+0x9f/0xe0
[   78.752705][ T8415]  _raw_write_lock+0x2a/0x40
[   78.757308][ T8415]  ? nfc_llcp_sock_unlink+0x1d/0x1c0
[   78.762583][ T8415]  nfc_llcp_sock_unlink+0x1d/0x1c0
[   78.767686][ T8415]  llcp_sock_release+0x286/0x580
[   78.772615][ T8415]  __sock_release+0xcd/0x280
[   78.777195][ T8415]  sock_close+0x18/0x20
[   78.781337][ T8415]  __fput+0x288/0x920
[   78.785307][ T8415]  ? __sock_release+0x280/0x280
[   78.790146][ T8415]  task_work_run+0xdd/0x1a0
[   78.794642][ T8415]  do_exit+0xbfc/0x2a60
[   78.798793][ T8415]  ? find_held_lock+0x2d/0x110
[   78.803563][ T8415]  ? mm_update_next_owner+0x7a0/0x7a0
[   78.808931][ T8415]  ? get_signal+0x337/0x2150
[   78.813532][ T8415]  ? lock_downgrade+0x6e0/0x6e0
[   78.818376][ T8415]  do_group_exit+0x125/0x310
[   78.822976][ T8415]  get_signal+0x47f/0x2150
[   78.827396][ T8415]  ? sock_sendmsg+0x55/0x120
[   78.831974][ T8415]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   78.838212][ T8415]  ? __sys_sendto+0x245/0x320
[   78.842878][ T8415]  ? __ia32_sys_getpeername+0xb0/0xb0
[   78.848244][ T8415]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   78.854217][ T8415]  arch_do_signal_or_restart+0x2a8/0x1eb0
[   78.859943][ T8415]  ? copy_siginfo_to_user32+0xa0/0xa0
[   78.865307][ T8415]  ? __context_tracking_exit+0xb8/0xe0
[   78.870757][ T8415]  ? lock_downgrade+0x6e0/0x6e0
[   78.875601][ T8415]  exit_to_user_mode_prepare+0x148/0x250
[   78.881222][ T8415]  syscall_exit_to_user_mode+0x19/0x60
[   78.888436][ T8415]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   78.894327][ T8415] RIP: 0033:0x43fd79
[   78.898209][ T8415] Code: Unable to access opcode bytes at RIP 0x43fd4f.
[   78.905086][ T8415] RSP: 002b:00007ffcef9700c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   78.914116][ T8415] RAX: 0000000000000001 RBX: 00000000000f4240 RCX: 000000000043fd79
[   78.922084][ T8415] RDX: 0000000000000001 RSI: 0000000020000100 RDI: 0000000000000004
[   78.930045][ T8415] RBP: 0000000000000000 R08: 0000000020000180 R09: 0000000000000010
[   78.938006][ T8415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403550
[   78.945974][ T8415] R13: 0000000000000000 R14: 00007ffcef970100 R15: 00007ffcef9700f0
[   78.954621][ T8415] Kernel Offset: disabled
[   78.959362][ T8415] Rebooting in 86400 seconds..