INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-android-49-kasan-gce-5,10.128.0.59' (ECDSA) to the list of known hosts.
2017/08/24 08:21:55 parsed 1 programs
2017/08/24 08:21:55 executed programs: 0
syzkaller login: [ 50.483843] ==================================================================
[ 50.484941] BUG: KASAN: use-after-free in bio_copy_user_iov+0xe61/0xea0 at addr ffff8801d78303c0
[ 50.486102] Read of size 8 by task syz-executor0/3648
[ 50.486826] CPU: 1 PID: 3648 Comm: syz-executor0 Not tainted 4.9.44-g34803e7 #33
[ 50.487827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.489046] ffff8801d6f874c0 ffffffff81d929c9 ffff8801da0013c0 ffff8801d78303c0
[ 50.490190] ffff8801d78304c0 ffffed003af06078 ffff8801d78303c0 ffff8801d6f874e8
[ 50.491350] ffffffff8153c5ec ffffed003af06078 ffff8801da0013c0 0000000000000000
[ 50.492479] Call Trace:
[ 50.492832] [<ffffffff81d929c9>] dump_stack+0xc1/0x128
[ 50.493541] [<ffffffff8153c5ec>] kasan_object_err+0x1c/0x70
[ 50.494304] [<ffffffff8153c8ac>] kasan_report.part.1+0x21c/0x500
[ 50.495139] [<ffffffff81cdff71>] ? bio_copy_user_iov+0xe61/0xea0
[ 50.495957] [<ffffffff8153cc49>] __asan_report_load8_noabort+0x29/0x30
[ 50.496854] [<ffffffff81cdff71>] bio_copy_user_iov+0xe61/0xea0
[ 50.497655] [<ffffffff81cdf110>] ? bio_uncopy_user+0x600/0x600
[ 50.498604] [<ffffffff81e4325b>] ? __sbitmap_queue_get+0xfb/0x230
[ 50.499473] [<ffffffff81d2fec9>] ? __bt_get+0x199/0x1f0
[ 50.500195] [<ffffffff81d13ec7>] blk_rq_map_user_iov+0x237/0x790
[ 50.501014] [<ffffffff81d13c90>] ? blk_rq_append_bio+0x1a0/0x1a0
[ 50.501837] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 50.502791] [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[ 50.503629] [<ffffffff81dd09b4>] ? import_single_range+0x1d4/0x2b0
[ 50.507975] [<ffffffff81d14531>] blk_rq_map_user+0x111/0x1a0
[ 50.513823] [<ffffffff81d14420>] ? blk_rq_map_user_iov+0x790/0x790
[ 50.520191] [<ffffffff8266011f>] ? sg_res_in_use+0x1f/0x130
[ 50.525952] [<ffffffff826601ea>] ? sg_res_in_use+0xea/0x130
[ 50.531717] [<ffffffff838a6515>] ? _raw_read_unlock_irqrestore+0x45/0x70
[ 50.538605] [<ffffffff82668c0a>] sg_common_write.isra.24+0xc1a/0x17c0
[ 50.545232] [<ffffffff82667ff0>] ? sg_open+0x15a0/0x15a0
[ 50.550733] [<ffffffff814c1104>] ? __might_fault+0xe4/0x1d0
[ 50.556495] [<ffffffff81562a38>] ? check_stack_object+0x68/0x140
[ 50.562687] [<ffffffff81562c84>] ? __check_object_size+0x174/0x3a9
[ 50.569055] [<ffffffff8266d028>] sg_write+0x688/0xad0
[ 50.574292] [<ffffffff8266c9a0>] ? sg_ioctl+0x29f0/0x29f0
[ 50.579877] [<ffffffff81e41a32>] ? depot_save_stack+0x122/0x4a0
[ 50.585987] [<ffffffff815a272e>] ? putname+0xee/0x130
[ 50.591227] [<ffffffff8153b933>] ? save_stack+0xa3/0xd0
[ 50.596641] [<ffffffff812e3478>] ? do_futex+0x3e8/0x1640
[ 50.602142] [<ffffffff81569b02>] ? do_sys_open+0x252/0x4c0
[ 50.607816] [<ffffffff81569d9d>] ? SyS_open+0x2d/0x40
[ 50.613056] [<ffffffff838a6885>] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[ 50.619772] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 50.626748] [<ffffffff81e41a32>] ? depot_save_stack+0x122/0x4a0
[ 50.632855] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 50.639829] [<ffffffff8266c9a0>] ? sg_ioctl+0x29f0/0x29f0
[ 50.645415] [<ffffffff8156a563>] __vfs_write+0x103/0x680
[ 50.650914] [<ffffffff8156a460>] ? default_llseek+0x290/0x290
[ 50.656851] [<ffffffff811ba935>] ? __might_sleep+0x95/0x1a0
[ 50.662613] [<ffffffff81be0a99>] ? __inode_security_revalidate+0xd9/0x130
[ 50.669591] [<ffffffff81bda5d9>] ? avc_policy_seqno+0x9/0x20
[ 50.675442] [<ffffffff81beaf72>] ? selinux_file_permission+0x82/0x460
[ 50.682071] [<ffffffff81bd1689>] ? security_file_permission+0x89/0x1e0
[ 50.688786] [<ffffffff8156e025>] ? rw_verify_area+0xe5/0x2b0
[ 50.694633] [<ffffffff8156e690>] vfs_write+0x170/0x4e0
[ 50.699961] [<ffffffff81572089>] SyS_write+0xd9/0x1b0
[ 50.705761] [<ffffffff81571fb0>] ? SyS_read+0x1b0/0x1b0
[ 50.711179] [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 50.717723] [<ffffffff838a6885>] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 50.724266] Object at ffff8801d78303c0, in cache kmalloc-256 size: 256
[ 50.730891] Allocated:
[ 50.733349] PID = 3648
[ 50.735814] save_stack_trace+0x16/0x20
[ 50.739751] save_stack+0x43/0xd0
[ 50.743166] kasan_kmalloc+0xad/0xe0
[ 50.747275] __kmalloc+0x11d/0x310
[ 50.750778] sg_build_indirect.isra.23+0x8b/0x550
[ 50.755582] sg_build_reserve+0x8d/0xb0
[ 50.759519] sg_open+0x946/0x15a0
[ 50.762933] chrdev_open+0x22b/0x4c0
[ 50.766612] do_dentry_open+0x607/0xc60
[ 50.770549] vfs_open+0x105/0x220
[ 50.773966] path_openat+0x64c/0x2a60
[ 50.777728] do_filp_open+0x197/0x290
[ 50.781490] do_sys_open+0x352/0x4c0
[ 50.785165] SyS_open+0x2d/0x40
[ 50.788407] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 50.793124] Freed:
[ 50.795234] PID = 3649
[ 50.797694] save_stack_trace+0x16/0x20
[ 50.801631] save_stack+0x43/0xd0
[ 50.805045] kasan_slab_free+0x73/0xc0
[ 50.808893] kfree+0xf0/0x2f0
[ 50.811962] sg_remove_scat.isra.20+0x212/0x2d0
[ 50.816593] sg_ioctl+0x12d0/0x29f0
[ 50.820182] do_vfs_ioctl+0x1aa/0x10c0
[ 50.824031] SyS_ioctl+0x8f/0xc0
[ 50.827361] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 50.832077] Memory state around the buggy address:
[ 50.836970] ffff8801d7830280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.844293] ffff8801d7830300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.851616] >ffff8801d7830380: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 50.858938] ^
[ 50.864351] ffff8801d7830400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.871674] ffff8801d7830480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 50.878996] ==================================================================
[ 50.886559] ==================================================================
[ 50.893888] BUG: KASAN: wild-memory-access on address ffe7087631eb8000
[ 50.900521] Write of size 38 by task syz-executor0/3648
[ 50.905870] CPU: 1 PID: 3648 Comm: syz-executor0 Tainted: G B 4.9.44-g34803e7 #33
[ 50.914581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.923903] ffff8801d6f87448 ffffffff81d929c9 ffff8801d6f87618 0000000000000026
[ 50.931852] 0000000000000001 ffff8801d6f87840 ffe7087631eb8000 ffff8801d6f874d0
[ 50.939799] ffffffff8153ca9f 0000000000000000 0000000000000001 ffffffff81ddc284
[ 50.947747] Call Trace:
[ 50.950304] [<ffffffff81d929c9>] dump_stack+0xc1/0x128
[ 50.955649] [<ffffffff8153ca9f>] kasan_report.part.1+0x40f/0x500
[ 50.961871] [<ffffffff81ddc284>] ? copy_page_from_iter+0x1a4/0x5d0
[ 50.968247] [<ffffffff814c1104>] ? __might_fault+0xe4/0x1d0
[ 50.974010] [<ffffffff8153ce70>] kasan_report+0x20/0x30
[ 50.979423] [<ffffffff8153b7b7>] check_memory_region+0x137/0x190
[ 50.985616] [<ffffffff8153b844>] kasan_check_write+0x14/0x20
[ 50.991462] [<ffffffff81ddc284>] copy_page_from_iter+0x1a4/0x5d0
[ 50.997659] [<ffffffff81cdfc15>] bio_copy_user_iov+0xb05/0xea0
[ 51.003680] [<ffffffff81cdf110>] ? bio_uncopy_user+0x600/0x600
[ 51.009704] [<ffffffff81d2fec9>] ? __bt_get+0x199/0x1f0
[ 51.015120] [<ffffffff81d13ec7>] blk_rq_map_user_iov+0x237/0x790
[ 51.021317] [<ffffffff81d13c90>] ? blk_rq_append_bio+0x1a0/0x1a0
[ 51.027516] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 51.034495] [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[ 51.040690] [<ffffffff81dd09b4>] ? import_single_range+0x1d4/0x2b0
[ 51.047058] [<ffffffff81d14531>] blk_rq_map_user+0x111/0x1a0
[ 51.052905] [<ffffffff81d14420>] ? blk_rq_map_user_iov+0x790/0x790
[ 51.059276] [<ffffffff8266011f>] ? sg_res_in_use+0x1f/0x130
[ 51.065036] [<ffffffff826601ea>] ? sg_res_in_use+0xea/0x130
[ 51.070799] [<ffffffff838a6515>] ? _raw_read_unlock_irqrestore+0x45/0x70
[ 51.077689] [<ffffffff82668c0a>] sg_common_write.isra.24+0xc1a/0x17c0
[ 51.084317] [<ffffffff82667ff0>] ? sg_open+0x15a0/0x15a0
[ 51.089821] [<ffffffff814c1104>] ? __might_fault+0xe4/0x1d0
[ 51.095583] [<ffffffff81562a38>] ? check_stack_object+0x68/0x140
[ 51.101788] [<ffffffff81562c84>] ? __check_object_size+0x174/0x3a9
[ 51.108156] [<ffffffff8266d028>] sg_write+0x688/0xad0
[ 51.113393] [<ffffffff8266c9a0>] ? sg_ioctl+0x29f0/0x29f0
[ 51.118984] [<ffffffff81e41a32>] ? depot_save_stack+0x122/0x4a0
[ 51.125094] [<ffffffff815a272e>] ? putname+0xee/0x130
[ 51.130333] [<ffffffff8153b933>] ? save_stack+0xa3/0xd0
[ 51.135748] [<ffffffff812e3478>] ? do_futex+0x3e8/0x1640
[ 51.141248] [<ffffffff81569b02>] ? do_sys_open+0x252/0x4c0
[ 51.146921] [<ffffffff81569d9d>] ? SyS_open+0x2d/0x40
[ 51.152162] [<ffffffff838a6885>] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[ 51.158879] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 51.165856] [<ffffffff81e41a32>] ? depot_save_stack+0x122/0x4a0
[ 51.171966] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 51.178942] [<ffffffff8266c9a0>] ? sg_ioctl+0x29f0/0x29f0
[ 51.184527] [<ffffffff8156a563>] __vfs_write+0x103/0x680
[ 51.190027] [<ffffffff8156a460>] ? default_llseek+0x290/0x290
[ 51.195961] [<ffffffff811ba935>] ? __might_sleep+0x95/0x1a0
[ 51.201723] [<ffffffff81be0a99>] ? __inode_security_revalidate+0xd9/0x130
[ 51.208696] [<ffffffff81bda5d9>] ? avc_policy_seqno+0x9/0x20
[ 51.214544] [<ffffffff81beaf72>] ? selinux_file_permission+0x82/0x460
[ 51.221176] [<ffffffff81bd1689>] ? security_file_permission+0x89/0x1e0
[ 51.227891] [<ffffffff8156e025>] ? rw_verify_area+0xe5/0x2b0
[ 51.233738] [<ffffffff8156e690>] vfs_write+0x170/0x4e0
[ 51.239064] [<ffffffff81572089>] SyS_write+0xd9/0x1b0
[ 51.244305] [<ffffffff81571fb0>] ? SyS_read+0x1b0/0x1b0
[ 51.249717] [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 51.256260] [<ffffffff838a6885>] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 51.262798] ==================================================================
[ 51.270249] ==================================================================
[ 51.277578] BUG: KASAN: wild-memory-access on address ffe7087631eb8000
[ 51.284207] Write of size 38 by task syz-executor0/3648
[ 51.289535] CPU: 1 PID: 3648 Comm: syz-executor0 Tainted: G B 4.9.44-g34803e7 #33
[ 51.298243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.307561] ffff8801d6f873f8 ffffffff81d929c9 ffe7087631eb8000 0000000000000026
[ 51.315504] 0000000000000001 0000000020006fdb ffe7087631eb8000 ffff8801d6f87480
[ 51.323453] ffffffff8153ca9f 0000000000000000 0000000000000000 ffffffff81dc60d4
[ 51.331399] Call Trace:
[ 51.333952] [<ffffffff81d929c9>] dump_stack+0xc1/0x128
[ 51.339280] [<ffffffff8153ca9f>] kasan_report.part.1+0x40f/0x500
[ 51.345478] [<ffffffff81dc60d4>] ? copy_user_handle_tail+0xb4/0xd0
[ 51.351850] [<ffffffff838a72b9>] ? retint_kernel+0x2d/0x2d
[ 51.357535] [<ffffffff8153ce70>] kasan_report+0x20/0x30
[ 51.362948] [<ffffffff8153b7b7>] check_memory_region+0x137/0x190
[ 51.369142] [<ffffffff8153bc23>] memset+0x23/0x40
[ 51.374033] [<ffffffff81dc60d4>] copy_user_handle_tail+0xb4/0xd0
[ 51.380229] [<ffffffff81ddc2a0>] copy_page_from_iter+0x1c0/0x5d0
[ 51.386427] [<ffffffff81cdfc15>] bio_copy_user_iov+0xb05/0xea0
[ 51.392447] [<ffffffff81cdf110>] ? bio_uncopy_user+0x600/0x600
[ 51.398468] [<ffffffff81d2fec9>] ? __bt_get+0x199/0x1f0
[ 51.403883] [<ffffffff81d13ec7>] blk_rq_map_user_iov+0x237/0x790
[ 51.410083] [<ffffffff81d13c90>] ? blk_rq_append_bio+0x1a0/0x1a0
[ 51.416280] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 51.423257] [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[ 51.429453] [<ffffffff81dd09b4>] ? import_single_range+0x1d4/0x2b0
[ 51.435824] [<ffffffff81d14531>] blk_rq_map_user+0x111/0x1a0
[ 51.441671] [<ffffffff81d14420>] ? blk_rq_map_user_iov+0x790/0x790
[ 51.448042] [<ffffffff8266011f>] ? sg_res_in_use+0x1f/0x130
[ 51.453803] [<ffffffff826601ea>] ? sg_res_in_use+0xea/0x130
[ 51.459569] [<ffffffff838a6515>] ? _raw_read_unlock_irqrestore+0x45/0x70
[ 51.466460] [<ffffffff82668c0a>] sg_common_write.isra.24+0xc1a/0x17c0
[ 51.473088] [<ffffffff82667ff0>] ? sg_open+0x15a0/0x15a0
[ 51.478594] [<ffffffff814c1104>] ? __might_fault+0xe4/0x1d0