Warning: Permanently added '10.128.15.195' (ECDSA) to the list of known hosts.
[   52.687488] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
[   52.820440] kauditd_printk_skb: 1 callbacks suppressed
[   52.820449] audit: type=1400 audit(1583791315.733:36): avc:  denied  { map } for  pid=7654 comm="syz-executor076" path="/root/syz-executor076323246" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   52.885803] ==================================================================
[   52.885849] BUG: KASAN: use-after-free in con_shutdown+0x7f/0x90
[   52.885857] Write of size 8 at addr ffff88809e9d4348 by task syz-executor076/7661
[   52.885859] 
[   52.885868] CPU: 0 PID: 7661 Comm: syz-executor076 Not tainted 4.14.172-syzkaller #0
[   52.885872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.885876] Call Trace:
[   52.885890]  dump_stack+0x13e/0x194
[   52.885900]  ? con_shutdown+0x7f/0x90
[   52.885913]  print_address_description.cold+0x7c/0x1e2
[   52.885921]  ? con_shutdown+0x7f/0x90
[   52.885929]  kasan_report.cold+0xa9/0x2ae
[   52.885937]  ? set_palette+0x130/0x130
[   52.885946]  con_shutdown+0x7f/0x90
[   52.885955]  release_tty+0xb6/0x7a0
[   52.885963]  tty_release_struct+0x37/0x50
[   52.885969]  tty_release+0xaa6/0xd60
[   52.885982]  ? tty_release_struct+0x50/0x50
[   52.885990]  __fput+0x25f/0x790
[   52.886008]  task_work_run+0x113/0x190
[   52.886020]  do_exit+0x9f2/0x2b00
[   52.886030]  ? __do_page_fault+0x4e4/0xb40
[   52.886039]  ? mm_update_next_owner+0x5b0/0x5b0
[   52.886050]  ? lock_downgrade+0x6e0/0x6e0
[   52.886063]  do_group_exit+0x100/0x310
[   52.886073]  SyS_exit_group+0x19/0x20
[   52.886079]  ? do_group_exit+0x310/0x310
[   52.886088]  do_syscall_64+0x1d5/0x640
[   52.886103]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   52.886109] RIP: 0033:0x43ff38
[   52.886114] RSP: 002b:00007ffd6c688b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   52.886123] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ff38
[   52.886128] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   52.886132] RBP: 00000000004bf950 R08: 00000000000000e7 R09: ffffffffffffffd0
[   52.886136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   52.886141] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   52.886154] 
[   52.886158] Allocated by task 7661:
[   52.886165]  save_stack+0x32/0xa0
[   52.886171]  kasan_kmalloc+0xbf/0xe0
[   52.886178]  kmem_cache_alloc_trace+0x14d/0x7b0
[   52.886184]  vc_allocate+0x142/0x550
[   52.886191]  con_install+0x4f/0x3e0
[   52.886197]  tty_init_dev+0xe1/0x3a0
[   52.886203]  tty_open+0x410/0x9c0
[   52.886211]  chrdev_open+0x1fc/0x540
[   52.886218]  do_dentry_open+0x732/0xe90
[   52.886225]  vfs_open+0x105/0x220
[   52.886232]  path_openat+0x8ca/0x3c50
[   52.886238]  do_filp_open+0x18e/0x250
[   52.886245]  do_sys_open+0x29d/0x3f0
[   52.886251]  do_syscall_64+0x1d5/0x640
[   52.886258]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   52.886260] 
[   52.886263] Freed by task 7666:
[   52.886269]  save_stack+0x32/0xa0
[   52.886275]  kasan_slab_free+0x75/0xc0
[   52.886280]  kfree+0xcb/0x260
[   52.886289]  vt_disallocate_all+0x25c/0x340
[   52.886294]  vt_ioctl+0x6e3/0x1f00
[   52.886306]  tty_ioctl+0x6c5/0x1220
[   52.886313]  do_vfs_ioctl+0x75a/0xfe0
[   52.886319]  SyS_ioctl+0x7f/0xb0
[   52.886326]  do_syscall_64+0x1d5/0x640
[   52.886332]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   52.886334] 
[   52.886339] The buggy address belongs to the object at ffff88809e9d4240
[   52.886339]  which belongs to the cache kmalloc-2048 of size 2048
[   52.886346] The buggy address is located 264 bytes inside of
[   52.886346]  2048-byte region [ffff88809e9d4240, ffff88809e9d4a40)
[   52.886348] The buggy address belongs to the page:
[   52.886355] page:ffffea00027a7500 count:1 mapcount:0 mapping:ffff88809e9d4240 index:0x0 compound_mapcount: 0
[   52.886367] flags: 0xfffe0000008100(slab|head)
[   52.886377] raw: 00fffe0000008100 ffff88809e9d4240 0000000000000000 0000000100000003
[   52.886385] raw: ffffea00026bc120 ffffea00026eff20 ffff88812fe56c40 0000000000000000
[   52.886388] page dumped because: kasan: bad access detected
[   52.886391] 
[   52.886393] Memory state around the buggy address:
[   52.886399]  ffff88809e9d4200: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   52.886405]  ffff88809e9d4280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.886411] >ffff88809e9d4300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.886414]                                               ^
[   52.886420]  ffff88809e9d4380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.886425]  ffff88809e9d4400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.886428] ==================================================================
[   52.886431] Disabling lock debugging due to kernel taint
[   52.886461] Kernel panic - not syncing: panic_on_warn set ...
[   52.886461] 
[   52.886469] CPU: 0 PID: 7661 Comm: syz-executor076 Tainted: G    B           4.14.172-syzkaller #0
[   52.886472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.886474] Call Trace:
[   52.886482]  dump_stack+0x13e/0x194
[   52.886490]  panic+0x1f9/0x42d
[   52.886496]  ? add_taint.cold+0x16/0x16
[   52.886507]  ? con_shutdown+0x7f/0x90
[   52.886514]  kasan_end_report+0x43/0x49
[   52.886520]  kasan_report.cold+0x12f/0x2ae
[   52.886527]  ? set_palette+0x130/0x130
[   52.886538]  con_shutdown+0x7f/0x90
[   52.886545]  release_tty+0xb6/0x7a0
[   52.886552]  tty_release_struct+0x37/0x50
[   52.886559]  tty_release+0xaa6/0xd60
[   52.886568]  ? tty_release_struct+0x50/0x50
[   52.886573]  __fput+0x25f/0x790
[   52.886584]  task_work_run+0x113/0x190
[   52.886592]  do_exit+0x9f2/0x2b00
[   52.886599]  ? __do_page_fault+0x4e4/0xb40
[   52.886607]  ? mm_update_next_owner+0x5b0/0x5b0
[   52.886614]  ? lock_downgrade+0x6e0/0x6e0
[   52.886623]  do_group_exit+0x100/0x310
[   52.886631]  SyS_exit_group+0x19/0x20
[   52.886637]  ? do_group_exit+0x310/0x310
[   52.886643]  do_syscall_64+0x1d5/0x640
[   52.886652]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   52.886656] RIP: 0033:0x43ff38
[   52.886660] RSP: 002b:00007ffd6c688b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   52.886667] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ff38
[   52.886670] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   52.886674] RBP: 00000000004bf950 R08: 00000000000000e7 R09: ffffffffffffffd0
[   52.886678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   52.886682] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   52.888015] Kernel Offset: disabled
[   53.488567] Rebooting in 86400 seconds..