INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-android-49-kasan-gce-9,10.128.15.200' (ECDSA) to the list of known hosts.
2017/08/12 07:03:17 parsed 1 programs
2017/08/12 07:03:17 executed programs: 0
syzkaller login: [ 43.002016] ==================================================================
[ 43.003041] BUG: KASAN: use-after-free in bio_copy_user_iov+0xe61/0xea0 at addr ffff8801cdd2d780
[ 43.004202] Read of size 8 by task syz-executor0/3311
[ 43.004939] CPU: 0 PID: 3311 Comm: syz-executor0 Not tainted 4.9.41-g4501c04 #23
[ 43.006003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.007243] ffff8801d4f374c0 ffffffff81d92609 ffff8801da0013c0 ffff8801cdd2d780
[ 43.008398] ffff8801cdd2d880 ffffed0039ba5af0 ffff8801cdd2d780 ffff8801d4f374e8
[ 43.009509] ffffffff8153c1bc ffffed0039ba5af0 ffff8801da0013c0 0000000000000000
[ 43.010625] Call Trace:
[ 43.010978] [<ffffffff81d92609>] dump_stack+0xc1/0x128
[ 43.011685] [<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70
[ 43.012458] [<ffffffff8153c47c>] kasan_report.part.1+0x21c/0x500
[ 43.013357] [<ffffffff81cdfbb1>] ? bio_copy_user_iov+0xe61/0xea0
[ 43.014173] [<ffffffff8153c819>] __asan_report_load8_noabort+0x29/0x30
[ 43.015058] [<ffffffff81cdfbb1>] bio_copy_user_iov+0xe61/0xea0
[ 43.015853] [<ffffffff81cded50>] ? bio_uncopy_user+0x600/0x600
[ 43.016651] [<ffffffff81e42e9b>] ? __sbitmap_queue_get+0xfb/0x230
[ 43.017494] [<ffffffff81d2fb09>] ? __bt_get+0x199/0x1f0
[ 43.018210] [<ffffffff81d13b07>] blk_rq_map_user_iov+0x237/0x790
[ 43.019028] [<ffffffff81d138d0>] ? blk_rq_append_bio+0x1a0/0x1a0
[ 43.019846] [<ffffffff8123ba40>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 43.020763] [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[ 43.021613] [<ffffffff81dd05f4>] ? import_single_range+0x1d4/0x2b0
[ 43.022469] [<ffffffff81d14171>] blk_rq_map_user+0x111/0x1a0
[ 43.028315] [<ffffffff81d14060>] ? blk_rq_map_user_iov+0x790/0x790
[ 43.034687] [<ffffffff8265fd6f>] ? sg_res_in_use+0x1f/0x130
[ 43.040450] [<ffffffff8265fe3a>] ? sg_res_in_use+0xea/0x130
[ 43.046216] [<ffffffff838a5625>] ? _raw_read_unlock_irqrestore+0x45/0x70
[ 43.053112] [<ffffffff8266885a>] sg_common_write.isra.24+0xc1a/0x17c0
[ 43.059743] [<ffffffff82667c40>] ? sg_open+0x15a0/0x15a0
[ 43.065251] [<ffffffff814c0d34>] ? __might_fault+0xe4/0x1d0
[ 43.071013] [<ffffffff81562608>] ? check_stack_object+0x68/0x140
[ 43.077204] [<ffffffff81562854>] ? __check_object_size+0x174/0x3a9
[ 43.083571] [<ffffffff8266cc78>] sg_write+0x688/0xad0
[ 43.088810] [<ffffffff8266c5f0>] ? sg_ioctl+0x29f0/0x29f0
[ 43.094399] [<ffffffff81e41672>] ? depot_save_stack+0x122/0x4a0
[ 43.100507] [<ffffffff815a22fe>] ? putname+0xee/0x130
[ 43.105746] [<ffffffff8153b503>] ? save_stack+0xa3/0xd0
[ 43.111160] [<ffffffff812e3268>] ? do_futex+0x3e8/0x1640
[ 43.116659] [<ffffffff815696d2>] ? do_sys_open+0x252/0x4c0
[ 43.122330] [<ffffffff8156996d>] ? SyS_open+0x2d/0x40
[ 43.127571] [<ffffffff838a5985>] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[ 43.134287] [<ffffffff8123ba40>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 43.141265] [<ffffffff81e41672>] ? depot_save_stack+0x122/0x4a0
[ 43.147379] [<ffffffff8123ba40>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 43.154353] [<ffffffff8266c5f0>] ? sg_ioctl+0x29f0/0x29f0
[ 43.159939] [<ffffffff8156a133>] __vfs_write+0x103/0x680
[ 43.165437] [<ffffffff8156a030>] ? default_llseek+0x290/0x290
[ 43.171376] [<ffffffff811ba745>] ? __might_sleep+0x95/0x1a0
[ 43.177143] [<ffffffff81be06c9>] ? __inode_security_revalidate+0xd9/0x130
[ 43.184118] [<ffffffff81bda209>] ? avc_policy_seqno+0x9/0x20
[ 43.189966] [<ffffffff81beaba2>] ? selinux_file_permission+0x82/0x460
[ 43.196591] [<ffffffff81bd12b9>] ? security_file_permission+0x89/0x1e0
[ 43.203306] [<ffffffff8156dbf5>] ? rw_verify_area+0xe5/0x2b0
[ 43.209153] [<ffffffff8156e260>] vfs_write+0x170/0x4e0
[ 43.214479] [<ffffffff81571c59>] SyS_write+0xd9/0x1b0
[ 43.219725] [<ffffffff81571b80>] ? SyS_read+0x1b0/0x1b0
[ 43.225138] [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 43.231683] [<ffffffff838a5985>] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 43.238224] Object at ffff8801cdd2d780, in cache kmalloc-256 size: 256
[ 43.244849] Allocated:
[ 43.247304] PID = 3311
[ 43.249763] save_stack_trace+0x16/0x20
[ 43.253699] save_stack+0x43/0xd0
[ 43.257114] kasan_kmalloc+0xad/0xe0
[ 43.260788] __kmalloc+0x11d/0x310
[ 43.264290] sg_build_indirect.isra.23+0x8b/0x550
[ 43.269094] sg_build_reserve+0x8d/0xb0
[ 43.273038] sg_open+0x946/0x15a0
[ 43.276453] chrdev_open+0x22b/0x4c0
[ 43.280127] do_dentry_open+0x607/0xc60
[ 43.284064] vfs_open+0x105/0x220
[ 43.287481] path_openat+0x64c/0x2a60
[ 43.291248] do_filp_open+0x197/0x290
[ 43.295011] do_sys_open+0x352/0x4c0
[ 43.298683] SyS_open+0x2d/0x40
[ 43.301925] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 43.306638] Freed:
[ 43.308754] PID = 3312
[ 43.311216] save_stack_trace+0x16/0x20
[ 43.315154] save_stack+0x43/0xd0
[ 43.318569] kasan_slab_free+0x73/0xc0
[ 43.322417] kfree+0xf0/0x2f0
[ 43.325486] sg_remove_scat.isra.20+0x212/0x2d0
[ 43.330115] sg_ioctl+0x12d0/0x29f0
[ 43.333703] do_vfs_ioctl+0x1aa/0x10c0
[ 43.337551] SyS_ioctl+0x8f/0xc0
[ 43.340878] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 43.345593] Memory state around the buggy address:
[ 43.350484] ffff8801cdd2d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.357810] ffff8801cdd2d700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 43.365130] >ffff8801cdd2d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.372447] ^
[ 43.375776] ffff8801cdd2d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.383095] ffff8801cdd2d880: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 43.390422] ==================================================================
[ 43.397956] ==================================================================
[ 43.405282] BUG: KASAN: wild-memory-access on address ffe708744e790000
[ 43.411906] Write of size 38 by task syz-executor0/3311
[ 43.417236] CPU: 0 PID: 3311 Comm: syz-executor0 Tainted: G B 4.9.41-g4501c04 #23
[ 43.425946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.435268] ffff8801d4f37448 ffffffff81d92609 ffff8801d4f37618 0000000000000026
[ 43.443199] 0000000000000001 ffff8801d4f37840 ffe708744e790000 ffff8801d4f374d0
[ 43.451132] ffffffff8153c66f 0000000000000000 0000000000000001 ffffffff81ddbec4
[ 43.459063] Call Trace:
[ 43.461620] [<ffffffff81d92609>] dump_stack+0xc1/0x128
[ 43.466947] [<ffffffff8153c66f>] kasan_report.part.1+0x40f/0x500
[ 43.473142] [<ffffffff81ddbec4>] ? copy_page_from_iter+0x1a4/0x5d0
[ 43.479511] [<ffffffff814c0d34>] ? __might_fault+0xe4/0x1d0
[ 43.485271] [<ffffffff8153ca40>] kasan_report+0x20/0x30
[ 43.490688] [<ffffffff8153b387>] check_memory_region+0x137/0x190
[ 43.496884] [<ffffffff8153b414>] kasan_check_write+0x14/0x20
[ 43.502730] [<ffffffff81ddbec4>] copy_page_from_iter+0x1a4/0x5d0
[ 43.508969] [<ffffffff81cdf855>] bio_copy_user_iov+0xb05/0xea0
[ 43.515000] [<ffffffff81cded50>] ? bio_uncopy_user+0x600/0x600
[ 43.521019] [<ffffffff81d2fb09>] ? __bt_get+0x199/0x1f0
[ 43.526436] [<ffffffff81d13b07>] blk_rq_map_user_iov+0x237/0x790
[ 43.532670] [<ffffffff81d138d0>] ? blk_rq_append_bio+0x1a0/0x1a0
[ 43.538865] [<ffffffff8123ba40>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 43.545841] [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[ 43.552046] [<ffffffff81dd05f4>] ? import_single_range+0x1d4/0x2b0
[ 43.558416] [<ffffffff81d14171>] blk_rq_map_user+0x111/0x1a0
[ 43.564262] [<ffffffff81d14060>] ? blk_rq_map_user_iov+0x790/0x790
[ 43.570629] [<ffffffff8265fd6f>] ? sg_res_in_use+0x1f/0x130
[ 43.576387] [<ffffffff8265fe3a>] ? sg_res_in_use+0xea/0x130
[ 43.582148] [<ffffffff838a5625>] ? _raw_read_unlock_irqrestore+0x45/0x70
[ 43.589035] [<ffffffff8266885a>] sg_common_write.isra.24+0xc1a/0x17c0
[ 43.595662] [<ffffffff82667c40>] ? sg_open+0x15a0/0x15a0
[ 43.601165] [<ffffffff814c0d34>] ? __might_fault+0xe4/0x1d0
[ 43.606922] [<ffffffff81562608>] ? check_stack_object+0x68/0x140
[ 43.613118] [<ffffffff81562854>] ? __check_object_size+0x174/0x3a9
[ 43.619486] [<ffffffff8266cc78>] sg_write+0x688/0xad0
[ 43.624723] [<ffffffff8266c5f0>] ? sg_ioctl+0x29f0/0x29f0
[ 43.630312] [<ffffffff81e41672>] ? depot_save_stack+0x122/0x4a0
[ 43.636419] [<ffffffff815a22fe>] ? putname+0xee/0x130
[ 43.641659] [<ffffffff8153b503>] ? save_stack+0xa3/0xd0
[ 43.647075] [<ffffffff812e3268>] ? do_futex+0x3e8/0x1640
[ 43.652572] [<ffffffff815696d2>] ? do_sys_open+0x252/0x4c0
[ 43.658241] [<ffffffff8156996d>] ? SyS_open+0x2d/0x40
[ 43.663482] [<ffffffff838a5985>] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[ 43.670236] [<ffffffff8123ba40>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 43.677214] [<ffffffff81e41672>] ? depot_save_stack+0x122/0x4a0
[ 43.683322] [<ffffffff8123ba40>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 43.690298] [<ffffffff8266c5f0>] ? sg_ioctl+0x29f0/0x29f0
[ 43.695884] [<ffffffff8156a133>] __vfs_write+0x103/0x680
[ 43.701402] [<ffffffff8156a030>] ? default_llseek+0x290/0x290
[ 43.707333] [<ffffffff811ba745>] ? __might_sleep+0x95/0x1a0
[ 43.713092] [<ffffffff81be06c9>] ? __inode_security_revalidate+0xd9/0x130
[ 43.720067] [<ffffffff81bda209>] ? avc_policy_seqno+0x9/0x20
[ 43.725910] [<ffffffff81beaba2>] ? selinux_file_permission+0x82/0x460
[ 43.732536] [<ffffffff81bd12b9>] ? security_file_permission+0x89/0x1e0
[ 43.739258] [<ffffffff8156dbf5>] ? rw_verify_area+0xe5/0x2b0
[ 43.745103] [<ffffffff8156e260>] vfs_write+0x170/0x4e0
[ 43.750427] [<ffffffff81571c59>] SyS_write+0xd9/0x1b0
[ 43.755664] [<ffffffff81571b80>] ? SyS_read+0x1b0/0x1b0
[ 43.761078] [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 43.767622] [<ffffffff838a5985>] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 43.774159] ==================================================================
[ 43.781769] ==================================================================
[ 43.789098] BUG: KASAN: wild-memory-access on address ffe708744e790000
[ 43.795733] Write of size 38 by task syz-executor0/3311
[ 43.801058] CPU: 0 PID: 3311 Comm: syz-executor0 Tainted: G B 4.9.41-g4501c04 #23
[ 43.809768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.819091] ffff8801d4f373f8 ffffffff81d92609 ffe708744e790000 0000000000000026
[ 43.827029] 0000000000000001 0000000020006fdb ffe708744e790000 ffff8801d4f37480
[ 43.834958] ffffffff8153c66f 0000000000000000 0000000000000000 ffffffff81dc5d14
[ 43.842891] Call Trace:
[ 43.845442] [<ffffffff81d92609>] dump_stack+0xc1/0x128
[ 43.850769] [<ffffffff8153c66f>] kasan_report.part.1+0x40f/0x500
[ 43.856963] [<ffffffff81dc5d14>] ? copy_user_handle_tail+0xb4/0xd0
[ 43.863329] [<ffffffff838a63b9>] ? retint_kernel+0x2d/0x2d
[ 43.869009] [<ffffffff8153ca40>] kasan_report+0x20/0x30
[ 43.874419] [<ffffffff8153b387>] check_memory_region+0x137/0x190
[ 43.880620] [<ffffffff8153b7f3>] memset+0x23/0x40
[ 43.885518] [<ffffffff81dc5d14>] copy_user_handle_tail+0xb4/0xd0
[ 43.891721] [<ffffffff81ddbee0>] copy_page_from_iter+0x1c0/0x5d0
[ 43.897928] [<ffffffff81cdf855>] bio_copy_user_iov+0xb05/0xea0
[ 43.903960] [<ffffffff81cded50>] ? bio_uncopy_user+0x600/0x600
[ 43.909987] [<ffffffff81d2fb09>] ? __bt_get+0x199/0x1f0
[ 43.915406] [<ffffffff81d13b07>] blk_rq_map_user_iov+0x237/0x790
[ 43.921607] [<ffffffff81d138d0>] ? blk_rq_append_bio+0x1a0/0x1a0
[ 43.927810] [<ffffffff8123ba40>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 43.934788] [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[ 43.940996] [<ffffffff81dd05f4>] ? import_single_range+0x1d4/0x2b0
[ 43.947373] [<ffffffff81d14171>] blk_rq_map_user+0x111/0x1a0
[ 43.953221] [<ffffffff81d14060>] ? blk_rq_map_user_iov+0x790/0x790
[ 43.959592] [<ffffffff8265fd6f>] ? sg_res_in_use+0x1f/0x130
[ 43.965360] [<ffffffff8265fe3a>] ? sg_res_in_use+0xea/0x130
[ 43.971125] [<ffffffff838a5625>] ? _raw_read_unlock_irqrestore+0x45/0x70
[ 43.978016] [<ffffffff8266885a>] sg_common_write.isra.24+0xc1a/0x17c0
[ 43.984644] [<ffffffff82667c40>] ? sg_open+0x15a0/0x15a0
[ 43.990147] [<ffffffff814c0d34>] ? __might_fault+0xe4/0x1d0
[ 43.995909] [<ffffffff81562608>] ? check_stack_object+0x68/0x140