[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.85' (ECDSA) to the list of known hosts.

syzkaller login: [ 256.953462][T10440] ==================================================================
[ 256.953655][T10440] BUG: KASAN: unknown-crash in do_con_write+0x1270/0xd580
[ 256.953663][T10440] Write of size 8 at addr ffffc9000aa1f7a0 by task syz-executor240/10440
[ 256.953666][T10440]
[ 256.953674][T10440] CPU: 1 PID: 10440 Comm: syz-executor240 Not tainted 5.9.0-rc4-syzkaller #0
[ 256.953678][T10440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 256.953681][T10440] Call Trace:
[ 256.953729][T10440]  dump_stack+0x1d6/0x29e
[ 256.953777][T10440]  print_address_description+0x66/0x620
[ 256.953830][T10440]  ? printk+0x62/0x83
[ 256.953878][T10440]  ? _raw_spin_lock_irqsave+0x84/0xd0
[ 256.953886][T10440]  ? vprintk_emit+0x2f0/0x370
[ 256.953895][T10440]  kasan_report+0x132/0x1d0
[ 256.953937][T10440]  ? bit_clear+0x4e1/0x540
[ 256.953944][T10440]  ? do_con_write+0x1270/0xd580
[ 256.953953][T10440]  do_con_write+0x1270/0xd580
[ 256.954015][T10440]  ? n_tty_write+0xd66/0x1170
[ 256.954029][T10440]  con_write+0x20/0x40
[ 256.954036][T10440]  n_tty_write+0xcbf/0x1170
[ 256.954074][T10440]  ? wait_woken+0x240/0x240
[ 256.954100][T10440]  tty_write+0x593/0x940
[ 256.954110][T10440]  ? n_tty_read+0x1ba0/0x1ba0
[ 256.954118][T10440]  ? redirected_tty_write+0xb0/0xb0
[ 256.954153][T10440]  __kernel_write+0x1ac/0xac0
[ 256.954180][T10440]  ? lock_is_held_type+0xb3/0xe0
[ 256.954265][T10440]  write_pipe_buf+0xf9/0x150
[ 256.954276][T10440]  __splice_from_pipe+0x351/0x8b0
[ 256.954292][T10440]  ? default_file_splice_read+0xa40/0xa40
[ 256.954302][T10440]  direct_splice_actor+0x1eb/0x2a0
[ 256.954316][T10440]  splice_direct_to_actor+0x4a2/0xb60
[ 256.954328][T10440]  ? do_splice_direct+0x340/0x340
[ 256.954340][T10440]  do_splice_direct+0x201/0x340
[ 256.954371][T10440]  ? __fdget+0xa0/0x210
[ 256.954381][T10440]  do_sendfile+0x86d/0x1210
[ 256.954399][T10440]  __x64_sys_sendfile64+0x164/0x1a0
[ 256.954427][T10440]  do_syscall_64+0x31/0x70
[ 256.954435][T10440]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 256.954442][T10440] RIP: 0033:0x446ac9
[ 256.954449][T10440] Code: e8 9c b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 256.954453][T10440] RSP: 002b:00007fb3d5c84d18 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 256.954460][T10440] RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 0000000000446ac9
[ 256.954464][T10440] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[ 256.954468][T10440] RBP: 00000000006dbc50 R08: 65732f636f72702f R09: 65732f636f72702f
[ 256.954473][T10440] R10: 0800000080004103 R11: 0000000000000246 R12: 00000000006dbc5c
[ 256.954477][T10440] R13: 00007fb3d5c84d20 R14: 00007fb3d5c84d20 R15: 20c49ba5e353f7cf
[ 256.954489][T10440]
[ 256.954494][T10440]
[ 256.954497][T10440] Memory state around the buggy address:
[ 256.954503][T10440]  ffffc9000aa1f680: 00 00 00 00 00 77 00 00 00 77 07 00 77 00 70 07
[ 256.954507][T10440]  ffffc9000aa1f700: 00 77 07 00 00 77 00 00 00 77 00 00 00 77 07 00
[ 256.954511][T10440] >ffffc9000aa1f780: 00 77 00 00 77 00 00 00 77 00 77 00 70 07 00 00
[ 256.954515][T10440]                                ^
[ 256.954519][T10440]  ffffc9000aa1f800: 77 00 70 07 77 00 77 00 70 07 70 07 00 77 00 00
[ 256.954524][T10440]  ffffc9000aa1f880: 00 77 00 00 70 07 00 00 77 00 00 00 77 00 00 00
[ 256.954527][T10440] ==================================================================
[ 256.954529][T10440] Disabling lock debugging due to kernel taint
[ 256.954533][T10440] Kernel panic - not syncing: panic_on_warn set ...
[ 256.954539][T10440] CPU: 1 PID: 10440 Comm: syz-executor240 Tainted: G B 5.9.0-rc4-syzkaller #0
[ 256.954541][T10440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 256.954543][T10440] Call Trace:
[ 256.954549][T10440]  dump_stack+0x1d6/0x29e
[ 256.954595][T10440]  panic+0x2c0/0x800
[ 256.954632][T10440]  ? trace_hardirqs_on+0x30/0x80
[ 256.954639][T10440]  kasan_report+0x1c9/0x1d0
[ 256.954648][T10440]  ? bit_clear+0x4e1/0x540
[ 256.954656][T10440]  ? do_con_write+0x1270/0xd580
[ 256.954666][T10440]  do_con_write+0x1270/0xd580
[ 256.954694][T10440]  ? n_tty_write+0xd66/0x1170
[ 256.954708][T10440]  con_write+0x20/0x40
[ 256.954716][T10440]  n_tty_write+0xcbf/0x1170
[ 256.954736][T10440]  ? wait_woken+0x240/0x240
[ 256.954743][T10440]  tty_write+0x593/0x940
[ 256.954748][T10440]  ? n_tty_read+0x1ba0/0x1ba0
[ 256.954754][T10440]  ? redirected_tty_write+0xb0/0xb0
[ 256.954759][T10440]  __kernel_write+0x1ac/0xac0
[ 256.954766][T10440]  ? lock_is_held_type+0xb3/0xe0
[ 256.954773][T10440]  write_pipe_buf+0xf9/0x150
[ 256.954780][T10440]  __splice_from_pipe+0x351/0x8b0
[ 256.954788][T10440]  ? default_file_splice_read+0xa40/0xa40
[ 256.954794][T10440]  direct_splice_actor+0x1eb/0x2a0
[ 256.954801][T10440]  splice_direct_to_actor+0x4a2/0xb60
[ 256.954808][T10440]  ? do_splice_direct+0x340/0x340
[ 256.954814][T10440]  do_splice_direct+0x201/0x340
[ 256.954820][T10440]  ? __fdget+0xa0/0x210
[ 256.954825][T10440]  do_sendfile+0x86d/0x1210
[ 256.954833][T10440]  __x64_sys_sendfile64+0x164/0x1a0
[ 256.954840][T10440]  do_syscall_64+0x31/0x70
[ 256.954845][T10440]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 256.954849][T10440] RIP: 0033:0x446ac9
[ 256.954854][T10440] Code: e8 9c b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 256.954857][T10440] RSP: 002b:00007fb3d5c84d18 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 256.954862][T10440] RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 0000000000446ac9
[ 256.954865][T10440] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[ 256.954868][T10440] RBP: 00000000006dbc50 R08: 65732f636f72702f R09: 65732f636f72702f
[ 256.954872][T10440] R10: 0800000080004103 R11: 0000000000000246 R12: 00000000006dbc5c
[ 256.954875][T10440] R13: 00007fb3d5c84d20 R14: 00007fb3d5c84d20 R15: 20c49ba5e353f7cf
[ 256.956105][T10440] Kernel Offset: disabled
[ 257.550388][T10440] Rebooting in 86400 seconds..