pts pts31: tty_release: tty->count(3) != #fd's(2)
==================================================================
BUG: KASAN: user-memory-access in bitmap_zero include/linux/bitmap.h:197 [inline]
BUG: KASAN: user-memory-access in n_tty_set_termios+0xf6/0xd30 drivers/tty/n_tty.c:1768
Write of size 512 at addr 0000000000001060 by task syz-executor3/531

CPU: 1 PID: 531 Comm: syz-executor3 Not tainted 4.9.107-g42a730a #45
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801baed7708 ffffffff81eb42a9 0000000000001060 0000000000000200
0000000000000001 000000000000005d ffff8801baed7848 ffff8801baed7750
ffffffff8156813e ffffffff8211eec6 0000000000000286 194773089ba2407a
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] kasan_report_error mm/kasan/report.c:353 [inline]
[] kasan_report.cold.6+0x6d/0x2fe mm/kasan/report.c:412
[] check_memory_region_inline mm/kasan/kasan.c:318 [inline]
[] check_memory_region+0x14f/0x1b0 mm/kasan/kasan.c:325
[] memset+0x23/0x40 mm/kasan/kasan.c:343
[] bitmap_zero include/linux/bitmap.h:197 [inline]
[] n_tty_set_termios+0xf6/0xd30 drivers/tty/n_tty.c:1768
[] tty_set_termios+0x626/0x8a0 drivers/tty/tty_ioctl.c:562
[] set_termios+0x38f/0x620 drivers/tty/tty_ioctl.c:635
[] tty_mode_ioctl+0x75b/0x980 drivers/tty/tty_ioctl.c:1002
[] n_tty_ioctl_helper+0x44/0x370 drivers/tty/tty_ioctl.c:1161
[] n_tty_ioctl+0x46/0x2c0 drivers/tty/n_tty.c:2443
[] tty_ioctl+0x5a4/0x2270 drivers/tty/tty_io.c:3009
[] vfs_ioctl fs/ioctl.c:43 [inline]
[] file_ioctl fs/ioctl.c:493 [inline]
[] do_vfs_ioctl+0x1ac/0x11a0 fs/ioctl.c:677
[] SYSC_ioctl fs/ioctl.c:694 [inline]
[] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
[] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
[] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
==================================================================