INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-android-49-kasan-gce-5,10.128.0.52' (ECDSA) to the list of known hosts.
2017/08/15 06:10:30 parsed 1 programs
2017/08/15 06:10:30 executed programs: 0
syzkaller login: [ 33.253717] ==================================================================
[ 33.254775] BUG: KASAN: use-after-free in bio_copy_user_iov+0xe61/0xea0 at addr ffff8801c9ba8dc0
[ 33.255971] Read of size 8 by task syz-executor0/3379
[ 33.256657] CPU: 1 PID: 3379 Comm: syz-executor0 Not tainted 4.9.43-g7073fca #25
[ 33.257642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.258943] ffff8801c9bd74c0 ffffffff81d92909 ffff8801da0013c0 ffff8801c9ba8dc0
[ 33.260095] ffff8801c9ba8ec0 ffffed00393751b8 ffff8801c9ba8dc0 ffff8801c9bd74e8
[ 33.261236] ffffffff8153c51c ffffed00393751b8 ffff8801da0013c0 0000000000000000
[ 33.262370] Call Trace:
[ 33.262726] [<ffffffff81d92909>] dump_stack+0xc1/0x128
[ 33.263526] [<ffffffff8153c51c>] kasan_object_err+0x1c/0x70
[ 33.264298] [<ffffffff8153c7dc>] kasan_report.part.1+0x21c/0x500
[ 33.265180] [<ffffffff81cdfeb1>] ? bio_copy_user_iov+0xe61/0xea0
[ 33.266000] [<ffffffff8153cb79>] __asan_report_load8_noabort+0x29/0x30
[ 33.266908] [<ffffffff81cdfeb1>] bio_copy_user_iov+0xe61/0xea0
[ 33.267703] [<ffffffff81cdf050>] ? bio_uncopy_user+0x600/0x600
[ 33.268500] [<ffffffff81e4319b>] ? __sbitmap_queue_get+0xfb/0x230
[ 33.269330] [<ffffffff81d2fe09>] ? __bt_get+0x199/0x1f0
[ 33.270088] [<ffffffff81d13e07>] blk_rq_map_user_iov+0x237/0x790
[ 33.270908] [<ffffffff81d13bd0>] ? blk_rq_append_bio+0x1a0/0x1a0
[ 33.271727] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.272646] [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[ 33.273491] [<ffffffff81dd08f4>] ? import_single_range+0x1d4/0x2b0
[ 33.277939] [<ffffffff81d14471>] blk_rq_map_user+0x111/0x1a0
[ 33.283794] [<ffffffff81d14360>] ? blk_rq_map_user_iov+0x790/0x790
[ 33.290172] [<ffffffff826600af>] ? sg_res_in_use+0x1f/0x130
[ 33.295947] [<ffffffff8266017a>] ? sg_res_in_use+0xea/0x130
[ 33.301718] [<ffffffff838a6605>] ? _raw_read_unlock_irqrestore+0x45/0x70
[ 33.308605] [<ffffffff82668b9a>] sg_common_write.isra.24+0xc1a/0x17c0
[ 33.315230] [<ffffffff82667f80>] ? sg_open+0x15a0/0x15a0
[ 33.320729] [<ffffffff814c1034>] ? __might_fault+0xe4/0x1d0
[ 33.326489] [<ffffffff81562968>] ? check_stack_object+0x68/0x140
[ 33.332681] [<ffffffff81562bb4>] ? __check_object_size+0x174/0x3a9
[ 33.339047] [<ffffffff8266cfb8>] sg_write+0x688/0xad0
[ 33.344286] [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[ 33.349872] [<ffffffff81e41972>] ? depot_save_stack+0x122/0x4a0
[ 33.355978] [<ffffffff815a265e>] ? putname+0xee/0x130
[ 33.361217] [<ffffffff8153b863>] ? save_stack+0xa3/0xd0
[ 33.366629] [<ffffffff812e3458>] ? do_futex+0x3e8/0x1640
[ 33.372127] [<ffffffff81569a32>] ? do_sys_open+0x252/0x4c0
[ 33.377812] [<ffffffff81569ccd>] ? SyS_open+0x2d/0x40
[ 33.383052] [<ffffffff838a6985>] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[ 33.389767] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.396742] [<ffffffff81e41972>] ? depot_save_stack+0x122/0x4a0
[ 33.402849] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.409825] [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[ 33.415411] [<ffffffff8156a493>] __vfs_write+0x103/0x680
[ 33.420910] [<ffffffff8156a390>] ? default_llseek+0x290/0x290
[ 33.426845] [<ffffffff811ba935>] ? __might_sleep+0x95/0x1a0
[ 33.433737] [<ffffffff81be09c9>] ? __inode_security_revalidate+0xd9/0x130
[ 33.440722] [<ffffffff81bda509>] ? avc_policy_seqno+0x9/0x20
[ 33.446570] [<ffffffff81beaea2>] ? selinux_file_permission+0x82/0x460
[ 33.453201] [<ffffffff81bd15b9>] ? security_file_permission+0x89/0x1e0
[ 33.459922] [<ffffffff8156df55>] ? rw_verify_area+0xe5/0x2b0
[ 33.465771] [<ffffffff8156e5c0>] vfs_write+0x170/0x4e0
[ 33.471096] [<ffffffff81571fb9>] SyS_write+0xd9/0x1b0
[ 33.476335] [<ffffffff81571ee0>] ? SyS_read+0x1b0/0x1b0
[ 33.481754] [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 33.488296] [<ffffffff838a6985>] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 33.494837] Object at ffff8801c9ba8dc0, in cache kmalloc-256 size: 256
[ 33.501463] Allocated:
[ 33.503920] PID = 3379
[ 33.506382] save_stack_trace+0x16/0x20
[ 33.510320] save_stack+0x43/0xd0
[ 33.513735] kasan_kmalloc+0xad/0xe0
[ 33.517411] __kmalloc+0x11d/0x310
[ 33.520912] sg_build_indirect.isra.23+0x8b/0x550
[ 33.525714] sg_build_reserve+0x8d/0xb0
[ 33.529653] sg_open+0x946/0x15a0
[ 33.533069] chrdev_open+0x22b/0x4c0
[ 33.536746] do_dentry_open+0x607/0xc60
[ 33.540682] vfs_open+0x105/0x220
[ 33.544098] path_openat+0x64c/0x2a60
[ 33.547860] do_filp_open+0x197/0x290
[ 33.552194] do_sys_open+0x352/0x4c0
[ 33.555869] SyS_open+0x2d/0x40
[ 33.559116] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 33.563832] Freed:
[ 33.565943] PID = 3380
[ 33.568406] save_stack_trace+0x16/0x20
[ 33.572347] save_stack+0x43/0xd0
[ 33.575763] kasan_slab_free+0x73/0xc0
[ 33.579609] kfree+0xf0/0x2f0
[ 33.582684] sg_remove_scat.isra.20+0x212/0x2d0
[ 33.587315] sg_ioctl+0x12d0/0x29f0
[ 33.590906] do_vfs_ioctl+0x1aa/0x10c0
[ 33.594754] SyS_ioctl+0x8f/0xc0
[ 33.598084] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 33.602798] Memory state around the buggy address:
[ 33.607688] ffff8801c9ba8c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.615008] ffff8801c9ba8d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.622329] >ffff8801c9ba8d80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 33.629647] ^
[ 33.635059] ffff8801c9ba8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.642378] ffff8801c9ba8e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 33.649696] ==================================================================
[ 33.657382] ==================================================================
[ 33.664713] BUG: KASAN: wild-memory-access on address 0005080000000000
[ 33.671339] Write of size 38 by task syz-executor0/3379
[ 33.676675] CPU: 1 PID: 3379 Comm: syz-executor0 Tainted: G B 4.9.43-g7073fca #25
[ 33.685383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.694704] ffff8801c9bd7448 ffffffff81d92909 ffff8801c9bd7618 0000000000000026
[ 33.702640] 0000000000000001 ffff8801c9bd7840 0005080000000000 ffff8801c9bd74d0
[ 33.710590] ffffffff8153c9cf 0000000000000000 0000000000000001 ffffffff81ddc1c4
[ 33.718534] Call Trace:
[ 33.721091] [<ffffffff81d92909>] dump_stack+0xc1/0x128
[ 33.726422] [<ffffffff8153c9cf>] kasan_report.part.1+0x40f/0x500
[ 33.732618] [<ffffffff81ddc1c4>] ? copy_page_from_iter+0x1a4/0x5d0
[ 33.738988] [<ffffffff814c1034>] ? __might_fault+0xe4/0x1d0
[ 33.744768] [<ffffffff8153cda0>] kasan_report+0x20/0x30
[ 33.750180] [<ffffffff8153b6e7>] check_memory_region+0x137/0x190
[ 33.756371] [<ffffffff8153b774>] kasan_check_write+0x14/0x20
[ 33.762217] [<ffffffff81ddc1c4>] copy_page_from_iter+0x1a4/0x5d0
[ 33.768411] [<ffffffff81cdfb55>] bio_copy_user_iov+0xb05/0xea0
[ 33.774431] [<ffffffff81cdf050>] ? bio_uncopy_user+0x600/0x600
[ 33.780451] [<ffffffff81d2fe09>] ? __bt_get+0x199/0x1f0
[ 33.785867] [<ffffffff81d13e07>] blk_rq_map_user_iov+0x237/0x790
[ 33.792060] [<ffffffff81d13bd0>] ? blk_rq_append_bio+0x1a0/0x1a0
[ 33.798257] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.805233] [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[ 33.811427] [<ffffffff81dd08f4>] ? import_single_range+0x1d4/0x2b0
[ 33.817794] [<ffffffff81d14471>] blk_rq_map_user+0x111/0x1a0
[ 33.823639] [<ffffffff81d14360>] ? blk_rq_map_user_iov+0x790/0x790
[ 33.830010] [<ffffffff826600af>] ? sg_res_in_use+0x1f/0x130
[ 33.835769] [<ffffffff8266017a>] ? sg_res_in_use+0xea/0x130
[ 33.841534] [<ffffffff838a6605>] ? _raw_read_unlock_irqrestore+0x45/0x70
[ 33.848421] [<ffffffff82668b9a>] sg_common_write.isra.24+0xc1a/0x17c0
[ 33.855048] [<ffffffff82667f80>] ? sg_open+0x15a0/0x15a0
[ 33.860547] [<ffffffff814c1034>] ? __might_fault+0xe4/0x1d0
[ 33.866309] [<ffffffff81562968>] ? check_stack_object+0x68/0x140
[ 33.872502] [<ffffffff81562bb4>] ? __check_object_size+0x174/0x3a9
[ 33.878868] [<ffffffff8266cfb8>] sg_write+0x688/0xad0
[ 33.884104] [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[ 33.889693] [<ffffffff81e41972>] ? depot_save_stack+0x122/0x4a0
[ 33.895802] [<ffffffff815a265e>] ? putname+0xee/0x130
[ 33.901042] [<ffffffff8153b863>] ? save_stack+0xa3/0xd0
[ 33.906456] [<ffffffff812e3458>] ? do_futex+0x3e8/0x1640
[ 33.911956] [<ffffffff81569a32>] ? do_sys_open+0x252/0x4c0
[ 33.917637] [<ffffffff81569ccd>] ? SyS_open+0x2d/0x40
[ 33.922879] [<ffffffff838a6985>] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[ 33.929603] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.936592] [<ffffffff81e41972>] ? depot_save_stack+0x122/0x4a0
[ 33.942700] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.949675] [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[ 33.955261] [<ffffffff8156a493>] __vfs_write+0x103/0x680
[ 33.960760] [<ffffffff8156a390>] ? default_llseek+0x290/0x290
[ 33.966704] [<ffffffff811ba935>] ? __might_sleep+0x95/0x1a0
[ 33.972474] [<ffffffff81be09c9>] ? __inode_security_revalidate+0xd9/0x130
[ 33.979450] [<ffffffff81bda509>] ? avc_policy_seqno+0x9/0x20
[ 33.985298] [<ffffffff81beaea2>] ? selinux_file_permission+0x82/0x460
[ 33.991937] [<ffffffff81bd15b9>] ? security_file_permission+0x89/0x1e0
[ 33.998651] [<ffffffff8156df55>] ? rw_verify_area+0xe5/0x2b0
[ 34.004508] [<ffffffff8156e5c0>] vfs_write+0x170/0x4e0
[ 34.009833] [<ffffffff81571fb9>] SyS_write+0xd9/0x1b0
[ 34.015072] [<ffffffff81571ee0>] ? SyS_read+0x1b0/0x1b0
[ 34.020485] [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.027032] [<ffffffff838a6985>] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 34.033571] ==================================================================
[ 34.041267] ==================================================================
[ 34.048597] BUG: KASAN: wild-memory-access on address 0005080000000000
[ 34.055225] Write of size 38 by task syz-executor0/3379
[ 34.060551] CPU: 1 PID: 3379 Comm: syz-executor0 Tainted: G B 4.9.43-g7073fca #25
[ 34.069265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.078585] ffff8801c9bd73f8 ffffffff81d92909 0005080000000000 0000000000000026
[ 34.086535] 0000000000000001 0000000020006fdb 0005080000000000 ffff8801c9bd7480
[ 34.094479] ffffffff8153c9cf 0000000000000000 0000000000000000 ffffffff81dc6014
[ 34.102431] Call Trace:
[ 34.104986] [<ffffffff81d92909>] dump_stack+0xc1/0x128
[ 34.110317] [<ffffffff8153c9cf>] kasan_report.part.1+0x40f/0x500
[ 34.116512] [<ffffffff81dc6014>] ? copy_user_handle_tail+0xb4/0xd0
[ 34.122968] [<ffffffff838a73b9>] ? retint_kernel+0x2d/0x2d
[ 34.128641] [<ffffffff8153cda0>] kasan_report+0x20/0x30
[ 34.134053] [<ffffffff8153b6e7>] check_memory_region+0x137/0x190
[ 34.140246] [<ffffffff8153bb53>] memset+0x23/0x40
[ 34.145136] [<ffffffff81dc6014>] copy_user_handle_tail+0xb4/0xd0
[ 34.151337] [<ffffffff81ddc1e0>] copy_page_from_iter+0x1c0/0x5d0
[ 34.157542] [<ffffffff81cdfb55>] bio_copy_user_iov+0xb05/0xea0
[ 34.163565] [<ffffffff81cdf050>] ? bio_uncopy_user+0x600/0x600
[ 34.169599] [<ffffffff81d2fe09>] ? __bt_get+0x199/0x1f0
[ 34.175021] [<ffffffff81d13e07>] blk_rq_map_user_iov+0x237/0x790
[ 34.181214] [<ffffffff81d13bd0>] ? blk_rq_append_bio+0x1a0/0x1a0
[ 34.187410] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 34.194386] [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[ 34.200579] [<ffffffff81dd08f4>] ? import_single_range+0x1d4/0x2b0
[ 34.206956] [<ffffffff81d14471>] blk_rq_map_user+0x111/0x1a0
[ 34.212803] [<ffffffff81d14360>] ? blk_rq_map_user_iov+0x790/0x790
[ 34.219174] [<ffffffff826600af>] ? sg_res_in_use+0x1f/0x130
[ 34.224935] [<ffffffff8266017a>] ? sg_res_in_use+0xea/0x130
[ 34.230697] [<ffffffff838a6605>] ? _raw_read_unlock_irqrestore+0x45/0x70
[ 34.237590] [<ffffffff82668b9a>] sg_common_write.isra.24+0xc1a/0x17c0
[ 34.244217] [<ffffffff82667f80>] ? sg_open+0x15a0/0x15a0
[ 34.249725] [<ffffffff814c1034>] ? __might_fault+0xe4/0x1d0