Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts.
[   44.290216] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   44.421997] audit: type=1400 audit(1584718446.134:36): avc:  denied  { map } for  pid=7348 comm="syz-executor837" path="/root/syz-executor837228334" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   44.491882] ==================================================================
[   44.491916] BUG: KASAN: use-after-free in con_shutdown+0x7f/0x90
[   44.491923] Write of size 8 at addr ffff88809b15eac8 by task syz-executor837/7356
[   44.491925] 
[   44.491933] CPU: 0 PID: 7356 Comm: syz-executor837 Not tainted 4.14.174-syzkaller #0
[   44.491938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   44.491941] Call Trace:
[   44.491953]  dump_stack+0x13e/0x194
[   44.491962]  ? con_shutdown+0x7f/0x90
[   44.491972]  print_address_description.cold+0x7c/0x1e2
[   44.491980]  ? con_shutdown+0x7f/0x90
[   44.491987]  kasan_report.cold+0xa9/0x2ae
[   44.491995]  ? set_palette+0x130/0x130
[   44.492003]  con_shutdown+0x7f/0x90
[   44.492011]  release_tty+0xb6/0x7a0
[   44.492020]  tty_release_struct+0x37/0x50
[   44.492028]  tty_release+0xaa6/0xd60
[   44.492042]  ? tty_release_struct+0x50/0x50
[   44.492050]  __fput+0x25f/0x790
[   44.492079]  task_work_run+0x113/0x190
[   44.492092]  do_exit+0x9f2/0x2b00
[   44.492101]  ? __do_page_fault+0x4e4/0xb40
[   44.492110]  ? mm_update_next_owner+0x5b0/0x5b0
[   44.492120]  ? lock_downgrade+0x6e0/0x6e0
[   44.492135]  do_group_exit+0x100/0x310
[   44.492144]  SyS_exit_group+0x19/0x20
[   44.492150]  ? do_group_exit+0x310/0x310
[   44.492157]  do_syscall_64+0x1d5/0x640
[   44.492170]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   44.492177] RIP: 0033:0x43ff38
[   44.492181] RSP: 002b:00007ffcfa09aed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   44.492190] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ff38
[   44.492194] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   44.492197] RBP: 00000000004bf950 R08: 00000000000000e7 R09: ffffffffffffffd0
[   44.492201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   44.492205] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   44.492217] 
[   44.492221] Allocated by task 7356:
[   44.492228]  save_stack+0x32/0xa0
[   44.492234]  kasan_kmalloc+0xbf/0xe0
[   44.492240]  kmem_cache_alloc_trace+0x14d/0x7b0
[   44.492247]  vc_allocate+0x142/0x550
[   44.492252]  con_install+0x4f/0x3e0
[   44.492266]  tty_init_dev+0xe1/0x3a0
[   44.492271]  tty_open+0x410/0x9c0
[   44.492277]  chrdev_open+0x1fc/0x540
[   44.492284]  do_dentry_open+0x732/0xe90
[   44.492290]  vfs_open+0x105/0x220
[   44.492297]  path_openat+0x8ca/0x3c50
[   44.492302]  do_filp_open+0x18e/0x250
[   44.492308]  do_sys_open+0x29d/0x3f0
[   44.492314]  do_syscall_64+0x1d5/0x640
[   44.492321]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   44.492324] 
[   44.492327] Freed by task 7358:
[   44.492333]  save_stack+0x32/0xa0
[   44.492339]  kasan_slab_free+0x75/0xc0
[   44.492344]  kfree+0xcb/0x260
[   44.492350]  vt_disallocate_all+0x25c/0x340
[   44.492355]  vt_ioctl+0x6e3/0x1f00
[   44.492361]  tty_ioctl+0x6c5/0x1220
[   44.492367]  do_vfs_ioctl+0x75a/0xfe0
[   44.492373]  SyS_ioctl+0x7f/0xb0
[   44.492384]  do_syscall_64+0x1d5/0x640
[   44.492391]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   44.492394] 
[   44.492399] The buggy address belongs to the object at ffff88809b15e9c0
[   44.492399]  which belongs to the cache kmalloc-2048 of size 2048
[   44.492405] The buggy address is located 264 bytes inside of
[   44.492405]  2048-byte region [ffff88809b15e9c0, ffff88809b15f1c0)
[   44.492408] The buggy address belongs to the page:
[   44.492414] page:ffffea00026c5780 count:1 mapcount:0 mapping:ffff88809b15e140 index:0x0 compound_mapcount: 0
[   44.492425] flags: 0xfffe0000008100(slab|head)
[   44.492436] raw: 00fffe0000008100 ffff88809b15e140 0000000000000000 0000000100000003
[   44.492444] raw: ffffea0002649ca0 ffffea00026e45a0 ffff88812fe56c40 0000000000000000
[   44.492447] page dumped because: kasan: bad access detected
[   44.492449] 
[   44.492452] Memory state around the buggy address:
[   44.492458]  ffff88809b15e980: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   44.492463]  ffff88809b15ea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   44.492469] >ffff88809b15ea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   44.492472]                                               ^
[   44.492477]  ffff88809b15eb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   44.492483]  ffff88809b15eb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   44.492486] ==================================================================
[   44.492488] Disabling lock debugging due to kernel taint
[   44.492522] Kernel panic - not syncing: panic_on_warn set ...
[   44.492522] 
[   44.492529] CPU: 0 PID: 7356 Comm: syz-executor837 Tainted: G    B           4.14.174-syzkaller #0
[   44.492533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   44.492535] Call Trace:
[   44.492544]  dump_stack+0x13e/0x194
[   44.492551]  panic+0x1f9/0x42d
[   44.492558]  ? add_taint.cold+0x16/0x16
[   44.492569]  ? con_shutdown+0x7f/0x90
[   44.492575]  kasan_end_report+0x43/0x49
[   44.492582]  kasan_report.cold+0x12f/0x2ae
[   44.492589]  ? set_palette+0x130/0x130
[   44.492595]  con_shutdown+0x7f/0x90
[   44.492602]  release_tty+0xb6/0x7a0
[   44.492609]  tty_release_struct+0x37/0x50
[   44.492616]  tty_release+0xaa6/0xd60
[   44.492626]  ? tty_release_struct+0x50/0x50
[   44.492631]  __fput+0x25f/0x790
[   44.492642]  task_work_run+0x113/0x190
[   44.492650]  do_exit+0x9f2/0x2b00
[   44.492657]  ? __do_page_fault+0x4e4/0xb40
[   44.492665]  ? mm_update_next_owner+0x5b0/0x5b0
[   44.492672]  ? lock_downgrade+0x6e0/0x6e0
[   44.492681]  do_group_exit+0x100/0x310
[   44.492688]  SyS_exit_group+0x19/0x20
[   44.492693]  ? do_group_exit+0x310/0x310
[   44.492699]  do_syscall_64+0x1d5/0x640
[   44.492708]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   44.492712] RIP: 0033:0x43ff38
[   44.492716] RSP: 002b:00007ffcfa09aed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   44.492722] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ff38
[   44.492725] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   44.492729] RBP: 00000000004bf950 R08: 00000000000000e7 R09: ffffffffffffffd0
[   44.492733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   44.492736] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   44.494067] Kernel Offset: disabled
[   45.077160] Rebooting in 86400 seconds..