pts pts2: tty_release: tty->count(2) != #fd's(1)
pts pts3: tty_release: tty->count(2) != #fd's(1)
pts pts4: tty_release: tty->count(2) != #fd's(1)
pts pts5: tty_release: tty->count(2) != #fd's(1)
==================================================================
BUG: KASAN: user-memory-access in bitmap_zero include/linux/bitmap.h:197 [inline]
BUG: KASAN: user-memory-access in n_tty_set_termios+0xf6/0xd30 drivers/tty/n_tty.c:1786
Write of size 512 at addr 0000000000001060 by task syz-executor4/4690

CPU: 1 PID: 4690 Comm: syz-executor4 Not tainted 4.9.128+ #41
 ffff8801c420f708 ffffffff81af2469 0000000000001060 0000000000000200
 0000000000000001 000000000000005d ffff8801c420f848 ffff8801c420f750
 ffffffff814e1600 ffffffff81cd72c6 0000000000000286 1ea2fdbc9100f710
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] kasan_report_error mm/kasan/report.c:353 [inline]
 [] kasan_report.cold.6+0x6d/0x2fe mm/kasan/report.c:412
 [] check_memory_region_inline mm/kasan/kasan.c:318 [inline]
 [] check_memory_region+0x14d/0x1b0 mm/kasan/kasan.c:325
 [] memset+0x23/0x40 mm/kasan/kasan.c:343
 [] bitmap_zero include/linux/bitmap.h:197 [inline]
 [] n_tty_set_termios+0xf6/0xd30 drivers/tty/n_tty.c:1786
 [] tty_set_termios+0x626/0x8a0 drivers/tty/tty_ioctl.c:562
 [] set_termios+0x38f/0x620 drivers/tty/tty_ioctl.c:635
 [] tty_mode_ioctl+0x4f9/0x980 drivers/tty/tty_ioctl.c:968
 [] n_tty_ioctl_helper+0x44/0x370 drivers/tty/tty_ioctl.c:1161
 [] n_tty_ioctl+0x46/0x2e0 drivers/tty/n_tty.c:2452
 [] tty_ioctl+0x440/0x2190 drivers/tty/tty_io.c:3009
 [] vfs_ioctl fs/ioctl.c:43 [inline]
 [] file_ioctl fs/ioctl.c:493 [inline]
 [] do_vfs_ioctl+0x1ac/0x11a0 fs/ioctl.c:677
 [] SYSC_ioctl fs/ioctl.c:694 [inline]
 [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [] do_syscall_64+0x19f/0x480 arch/x86/entry/common.c:282
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
==================================================================