INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-5,10.128.0.32' (ECDSA) to the list of known hosts.
2017/08/12 17:14:01 parsed 1 programs
2017/08/12 17:14:01 executed programs: 0
syzkaller login: [   30.058796] ==================================================================
[   30.060161] BUG: KASAN: use-after-free in bio_copy_user_iov+0xe61/0xea0 at addr ffff8801c8a21b40
[   30.061505] Read of size 8 by task syz-executor6/3403
[   30.062226] CPU: 1 PID: 3403 Comm: syz-executor6 Not tainted 4.9.42-g02f29ab #24
[   30.063429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.065060]  ffff8801c6e874c0 ffffffff81d92909 ffff8801da0013c0 ffff8801c8a21b40
[   30.066412]  ffff8801c8a21c40 ffffed0039144368 ffff8801c8a21b40 ffff8801c6e874e8
[   30.067796]  ffffffff8153c51c ffffed0039144368 ffff8801da0013c0 0000000000000000
[   30.069187] Call Trace:
[   30.069727]  [<ffffffff81d92909>] dump_stack+0xc1/0x128
[   30.070483]  [<ffffffff8153c51c>] kasan_object_err+0x1c/0x70
[   30.071262]  [<ffffffff8153c7dc>] kasan_report.part.1+0x21c/0x500
[   30.072094]  [<ffffffff81cdfeb1>] ? bio_copy_user_iov+0xe61/0xea0
[   30.073145]  [<ffffffff8153cb79>] __asan_report_load8_noabort+0x29/0x30
[   30.074208]  [<ffffffff81cdfeb1>] bio_copy_user_iov+0xe61/0xea0
[   30.075236]  [<ffffffff81cdf050>] ? bio_uncopy_user+0x600/0x600
[   30.076271]  [<ffffffff81e4319b>] ? __sbitmap_queue_get+0xfb/0x230
[   30.077170]  [<ffffffff81d2fe09>] ? __bt_get+0x199/0x1f0
[   30.077925]  [<ffffffff81d13e07>] blk_rq_map_user_iov+0x237/0x790
[   30.078763]  [<ffffffff81d13bd0>] ? blk_rq_append_bio+0x1a0/0x1a0
[   30.083659]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.090640]  [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[   30.096838]  [<ffffffff81dd08f4>] ? import_single_range+0x1d4/0x2b0
[   30.103216]  [<ffffffff81d14471>] blk_rq_map_user+0x111/0x1a0
[   30.109063]  [<ffffffff81d14360>] ? blk_rq_map_user_iov+0x790/0x790
[   30.115441]  [<ffffffff826600af>] ? sg_res_in_use+0x1f/0x130
[   30.121203]  [<ffffffff8266017a>] ? sg_res_in_use+0xea/0x130
[   30.126971]  [<ffffffff838a56a5>] ? _raw_read_unlock_irqrestore+0x45/0x70
[   30.133858]  [<ffffffff82668b9a>] sg_common_write.isra.24+0xc1a/0x17c0
[   30.140522]  [<ffffffff82667f80>] ? sg_open+0x15a0/0x15a0
[   30.146026]  [<ffffffff814c1034>] ? __might_fault+0xe4/0x1d0
[   30.151794]  [<ffffffff81562968>] ? check_stack_object+0x68/0x140
[   30.158006]  [<ffffffff81562bb4>] ? __check_object_size+0x174/0x3a9
[   30.164391]  [<ffffffff8266cfb8>] sg_write+0x688/0xad0
[   30.169645]  [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[   30.175236]  [<ffffffff82eca0c6>] ? sock_alloc_inode+0x66/0x250
[   30.181258]  [<ffffffff82ec7221>] ? sock_alloc+0x41/0x270
[   30.186759]  [<ffffffff82ecce35>] ? __sock_create+0xa5/0x640
[   30.192520]  [<ffffffff82ecd600>] ? SyS_socket+0xf0/0x1b0
[   30.198023]  [<ffffffff838a5a05>] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[   30.204743]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.211722]  [<ffffffff812e3458>] ? do_futex+0x3e8/0x1640
[   30.217225]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.224202]  [<ffffffff8153b915>] ? kasan_unpoison_shadow+0x35/0x50
[   30.230577]  [<ffffffff8153ba8d>] ? kasan_kmalloc+0xad/0xe0
[   30.236256]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.243257]  [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[   30.248878]  [<ffffffff8156a493>] __vfs_write+0x103/0x680
[   30.254382]  [<ffffffff8156a390>] ? default_llseek+0x290/0x290
[   30.260319]  [<ffffffff811ba935>] ? __might_sleep+0x95/0x1a0
[   30.266094]  [<ffffffff81be09c9>] ? __inode_security_revalidate+0xd9/0x130
[   30.273076]  [<ffffffff81bda509>] ? avc_policy_seqno+0x9/0x20
[   30.278928]  [<ffffffff81beaea2>] ? selinux_file_permission+0x82/0x460
[   30.285562]  [<ffffffff81bd15b9>] ? security_file_permission+0x89/0x1e0
[   30.292282]  [<ffffffff8156df55>] ? rw_verify_area+0xe5/0x2b0
[   30.298157]  [<ffffffff8156e5c0>] vfs_write+0x170/0x4e0
[   30.303500]  [<ffffffff81571fb9>] SyS_write+0xd9/0x1b0
[   30.308743]  [<ffffffff81571ee0>] ? SyS_read+0x1b0/0x1b0
[   30.314156]  [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.320707]  [<ffffffff838a5a05>] entry_SYSCALL_64_fastpath+0x23/0xc6
[   30.327252] Object at ffff8801c8a21b40, in cache kmalloc-256 size: 256
[   30.333876] Allocated:
[   30.336350] PID = 3406
[   30.338830]  save_stack_trace+0x16/0x20
[   30.342770]  save_stack+0x43/0xd0
[   30.346189]  kasan_kmalloc+0xad/0xe0
[   30.349862]  __kmalloc+0x11d/0x310
[   30.353366]  sg_build_indirect.isra.23+0x8b/0x550
[   30.358173]  sg_build_reserve+0x8d/0xb0
[   30.362107]  sg_open+0x946/0x15a0
[   30.365525]  chrdev_open+0x22b/0x4c0
[   30.369201]  do_dentry_open+0x607/0xc60
[   30.373138]  vfs_open+0x105/0x220
[   30.376570]  path_openat+0x64c/0x2a60
[   30.380336]  do_filp_open+0x197/0x290
[   30.384105]  do_sys_open+0x352/0x4c0
[   30.387787]  SyS_open+0x2d/0x40
[   30.391033]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   30.395747] Freed:
[   30.397858] PID = 3406
[   30.400341]  save_stack_trace+0x16/0x20
[   30.404279]  save_stack+0x43/0xd0
[   30.407711]  kasan_slab_free+0x73/0xc0
[   30.411560]  kfree+0xf0/0x2f0
[   30.414634]  sg_remove_scat.isra.20+0x212/0x2d0
[   30.419263]  sg_ioctl+0x12d0/0x29f0
[   30.422858]  do_vfs_ioctl+0x1aa/0x10c0
[   30.426708]  SyS_ioctl+0x8f/0xc0
[   30.430040]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   30.434756] Memory state around the buggy address:
[   30.439649]  ffff8801c8a21a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.446971]  ffff8801c8a21a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.454295] >ffff8801c8a21b00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   30.461617]                                            ^
[   30.467030]  ffff8801c8a21b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.474359]  ffff8801c8a21c00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   30.481680] ==================================================================
[   30.490441] ==================================================================
[   30.497813] BUG: KASAN: wild-memory-access on address ffe7087636e78000
[   30.504443] Write of size 2 by task syz-executor6/3403
[   30.509685] CPU: 0 PID: 3403 Comm: syz-executor6 Tainted: G    B           4.9.42-g02f29ab #24
[   30.518395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.527714]  ffff8801c6e87448 ffffffff81d92909 ffff8801c6e87618 0000000000000002
[   30.535680]  0000000000000001 ffff8801c6e87840 ffe7087636e78000 ffff8801c6e874d0
[   30.543627]  ffffffff8153c9cf 0000000000000000 0000000000000001 ffffffff81ddc1c4
[   30.551561] Call Trace:
[   30.554117]  [<ffffffff81d92909>] dump_stack+0xc1/0x128
[   30.559462]  [<ffffffff8153c9cf>] kasan_report.part.1+0x40f/0x500
[   30.565677]  [<ffffffff81ddc1c4>] ? copy_page_from_iter+0x1a4/0x5d0
[   30.572051]  [<ffffffff814c1034>] ? __might_fault+0xe4/0x1d0
[   30.577832]  [<ffffffff8153cda0>] kasan_report+0x20/0x30
[   30.583244]  [<ffffffff8153b6e7>] check_memory_region+0x137/0x190
[   30.589439]  [<ffffffff8153b774>] kasan_check_write+0x14/0x20
[   30.595295]  [<ffffffff81ddc1c4>] copy_page_from_iter+0x1a4/0x5d0
[   30.601496]  [<ffffffff81cdfb55>] bio_copy_user_iov+0xb05/0xea0
[   30.607516]  [<ffffffff81cdf050>] ? bio_uncopy_user+0x600/0x600
[   30.613541]  [<ffffffff81d2fe09>] ? __bt_get+0x199/0x1f0
[   30.618969]  [<ffffffff81d13e07>] blk_rq_map_user_iov+0x237/0x790
[   30.625166]  [<ffffffff81d13bd0>] ? blk_rq_append_bio+0x1a0/0x1a0
[   30.631366]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.638344]  [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[   30.644549]  [<ffffffff81dd08f4>] ? import_single_range+0x1d4/0x2b0
[   30.650943]  [<ffffffff81d14471>] blk_rq_map_user+0x111/0x1a0
[   30.656792]  [<ffffffff81d14360>] ? blk_rq_map_user_iov+0x790/0x790
[   30.663159]  [<ffffffff826600af>] ? sg_res_in_use+0x1f/0x130
[   30.668950]  [<ffffffff8266017a>] ? sg_res_in_use+0xea/0x130
[   30.674712]  [<ffffffff838a56a5>] ? _raw_read_unlock_irqrestore+0x45/0x70
[   30.681616]  [<ffffffff82668b9a>] sg_common_write.isra.24+0xc1a/0x17c0
[   30.688243]  [<ffffffff82667f80>] ? sg_open+0x15a0/0x15a0
[   30.693760]  [<ffffffff814c1034>] ? __might_fault+0xe4/0x1d0
[   30.699536]  [<ffffffff81562968>] ? check_stack_object+0x68/0x140
[   30.705741]  [<ffffffff81562bb4>] ? __check_object_size+0x174/0x3a9
[   30.712109]  [<ffffffff8266cfb8>] sg_write+0x688/0xad0
[   30.717348]  [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[   30.722937]  [<ffffffff82eca0c6>] ? sock_alloc_inode+0x66/0x250
[   30.728955]  [<ffffffff82ec7221>] ? sock_alloc+0x41/0x270
[   30.734463]  [<ffffffff82ecce35>] ? __sock_create+0xa5/0x640
[   30.740223]  [<ffffffff82ecd600>] ? SyS_socket+0xf0/0x1b0
[   30.745728]  [<ffffffff838a5a05>] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[   30.752446]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.759422]  [<ffffffff812e3458>] ? do_futex+0x3e8/0x1640
[   30.764924]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.771914]  [<ffffffff8153b915>] ? kasan_unpoison_shadow+0x35/0x50
[   30.778283]  [<ffffffff8153ba8d>] ? kasan_kmalloc+0xad/0xe0
[   30.783957]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.790946]  [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[   30.796530]  [<ffffffff8156a493>] __vfs_write+0x103/0x680
[   30.802030]  [<ffffffff8156a390>] ? default_llseek+0x290/0x290
[   30.807972]  [<ffffffff811ba935>] ? __might_sleep+0x95/0x1a0
[   30.813740]  [<ffffffff81be09c9>] ? __inode_security_revalidate+0xd9/0x130
[   30.820718]  [<ffffffff81bda509>] ? avc_policy_seqno+0x9/0x20
[   30.826567]  [<ffffffff81beaea2>] ? selinux_file_permission+0x82/0x460
[   30.833200]  [<ffffffff81bd15b9>] ? security_file_permission+0x89/0x1e0
[   30.839917]  [<ffffffff8156df55>] ? rw_verify_area+0xe5/0x2b0
[   30.845764]  [<ffffffff8156e5c0>] vfs_write+0x170/0x4e0
[   30.851086]  [<ffffffff81571fb9>] SyS_write+0xd9/0x1b0
[   30.856323]  [<ffffffff81571ee0>] ? SyS_read+0x1b0/0x1b0
[   30.861740]  [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.868317]  [<ffffffff838a5a05>] entry_SYSCALL_64_fastpath+0x23/0xc6
[   30.874874] ==================================================================
[   30.884504] ==================================================================
[   30.891880] BUG: KASAN: wild-memory-access on address ffe7087636e78000
[   30.898504] Write of size 2 by task syz-executor6/3403
[   30.903743] CPU: 1 PID: 3403 Comm: syz-executor6 Tainted: G    B           4.9.42-g02f29ab #24
[   30.912452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.921781]  ffff8801c6e873f8 ffffffff81d92909 ffe7087636e78000 0000000000000002
[   30.929715]  0000000000000001 00000000205cbf9f ffe7087636e78000 ffff8801c6e87480
[   30.937693]  ffffffff8153c9cf 0000000000000000 0000000000000000 ffffffff81dc6014
[   30.945636] Call Trace:
[   30.948186]  [<ffffffff81d92909>] dump_stack+0xc1/0x128
[   30.953535]  [<ffffffff8153c9cf>] kasan_report.part.1+0x40f/0x500
[   30.959731]  [<ffffffff81dc6014>] ? copy_user_handle_tail+0xb4/0xd0
[   30.966101]  [<ffffffff838a6439>] ? retint_kernel+0x2d/0x2d
[   30.971774]  [<ffffffff8153cda0>] kasan_report+0x20/0x30
[   30.977185]  [<ffffffff8153b6e7>] check_memory_region+0x137/0x190
[   30.983377]  [<ffffffff8153bb53>] memset+0x23/0x40
[   30.988270]  [<ffffffff81dc6014>] copy_user_handle_tail+0xb4/0xd0
[   30.994463]  [<ffffffff81ddc1e0>] copy_page_from_iter+0x1c0/0x5d0
[   31.000659]  [<ffffffff81cdfb55>] bio_copy_user_iov+0xb05/0xea0
[   31.006679]  [<ffffffff81cdf050>] ? bio_uncopy_user+0x600/0x600
[   31.012701]  [<ffffffff81d2fe09>] ? __bt_get+0x199/0x1f0
[   31.018122]  [<ffffffff81d13e07>] blk_rq_map_user_iov+0x237/0x790
[   31.024323]  [<ffffffff81d13bd0>] ? blk_rq_append_bio+0x1a0/0x1a0
[   31.030534]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   31.037522]  [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[   31.043731]  [<ffffffff81dd08f4>] ? import_single_range+0x1d4/0x2b0
[   31.050116]  [<ffffffff81d14471>] blk_rq_map_user+0x111/0x1a0
[   31.055968]  [<ffffffff81d14360>] ? blk_rq_map_user_iov+0x790/0x790