INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-8,10.128.15.209' (ECDSA) to the list of known hosts.
2017/08/20 08:32:27 parsed 1 programs
2017/08/20 08:32:27 executed programs: 0
syzkaller login: [   36.370389] ==================================================================
[   36.371482] BUG: KASAN: use-after-free in bio_copy_user_iov+0xe61/0xea0 at addr ffff8801d803a500
[   36.372705] Read of size 8 by task syz-executor0/3266
[   36.373390] CPU: 1 PID: 3266 Comm: syz-executor0 Not tainted 4.9.44-g6dda7ac #31
[   36.374469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.375918]  ffff8801d877f4c0 ffffffff81d929c9 ffff8801da0013c0 ffff8801d803a500
[   36.377446]  ffff8801d803a600 ffffed003b0074a0 ffff8801d803a500 ffff8801d877f4e8
[   36.378652]  ffffffff8153c5ec ffffed003b0074a0 ffff8801da0013c0 0000000000000000
[   36.380027] Call Trace:
[   36.380424]  [<ffffffff81d929c9>] dump_stack+0xc1/0x128
[   36.381152]  [<ffffffff8153c5ec>] kasan_object_err+0x1c/0x70
[   36.381965]  [<ffffffff8153c8ac>] kasan_report.part.1+0x21c/0x500
[   36.382810]  [<ffffffff81cdff71>] ? bio_copy_user_iov+0xe61/0xea0
[   36.383741]  [<ffffffff8153cc49>] __asan_report_load8_noabort+0x29/0x30
[   36.384643]  [<ffffffff81cdff71>] bio_copy_user_iov+0xe61/0xea0
[   36.385486]  [<ffffffff81cdf110>] ? bio_uncopy_user+0x600/0x600
[   36.386367]  [<ffffffff81e4325b>] ? __sbitmap_queue_get+0xfb/0x230
[   36.387263]  [<ffffffff81d2fec9>] ? __bt_get+0x199/0x1f0
[   36.388039]  [<ffffffff81d13ec7>] blk_rq_map_user_iov+0x237/0x790
[   36.388963]  [<ffffffff81d13c90>] ? blk_rq_append_bio+0x1a0/0x1a0
[   36.389783]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   36.392045]  [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[   36.398239]  [<ffffffff81dd09b4>] ? import_single_range+0x1d4/0x2b0
[   36.404614]  [<ffffffff81d14531>] blk_rq_map_user+0x111/0x1a0
[   36.410461]  [<ffffffff81d14420>] ? blk_rq_map_user_iov+0x790/0x790
[   36.416845]  [<ffffffff8266011f>] ? sg_res_in_use+0x1f/0x130
[   36.422604]  [<ffffffff826601ea>] ? sg_res_in_use+0xea/0x130
[   36.428366]  [<ffffffff838a6485>] ? _raw_read_unlock_irqrestore+0x45/0x70
[   36.435254]  [<ffffffff82668c0a>] sg_common_write.isra.24+0xc1a/0x17c0
[   36.441881]  [<ffffffff82667ff0>] ? sg_open+0x15a0/0x15a0
[   36.447383]  [<ffffffff814c1104>] ? __might_fault+0xe4/0x1d0
[   36.453156]  [<ffffffff81562a38>] ? check_stack_object+0x68/0x140
[   36.459358]  [<ffffffff81562c84>] ? __check_object_size+0x174/0x3a9
[   36.465738]  [<ffffffff8266d028>] sg_write+0x688/0xad0
[   36.470975]  [<ffffffff8266c9a0>] ? sg_ioctl+0x29f0/0x29f0
[   36.476563]  [<ffffffff81e41a32>] ? depot_save_stack+0x122/0x4a0
[   36.482672]  [<ffffffff815a272e>] ? putname+0xee/0x130
[   36.487912]  [<ffffffff8153b933>] ? save_stack+0xa3/0xd0
[   36.493333]  [<ffffffff812e3478>] ? do_futex+0x3e8/0x1640
[   36.498834]  [<ffffffff81569b02>] ? do_sys_open+0x252/0x4c0
[   36.504507]  [<ffffffff81569d9d>] ? SyS_open+0x2d/0x40
[   36.509746]  [<ffffffff838a6805>] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[   36.516471]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   36.523462]  [<ffffffff814daecc>] ? __vma_link_file+0x10c/0x160
[   36.529490]  [<ffffffff814e10a1>] ? vma_wants_writenotify+0x51/0x380
[   36.535954]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   36.542937]  [<ffffffff8266c9a0>] ? sg_ioctl+0x29f0/0x29f0
[   36.548522]  [<ffffffff8156a563>] __vfs_write+0x103/0x680
[   36.554022]  [<ffffffff8156a460>] ? default_llseek+0x290/0x290
[   36.559955]  [<ffffffff811ba935>] ? __might_sleep+0x95/0x1a0
[   36.565721]  [<ffffffff81be0a99>] ? __inode_security_revalidate+0xd9/0x130
[   36.572708]  [<ffffffff81bda5d9>] ? avc_policy_seqno+0x9/0x20
[   36.578561]  [<ffffffff81beaf72>] ? selinux_file_permission+0x82/0x460
[   36.585191]  [<ffffffff81bd1689>] ? security_file_permission+0x89/0x1e0
[   36.591906]  [<ffffffff8156e025>] ? rw_verify_area+0xe5/0x2b0
[   36.597753]  [<ffffffff8156e690>] vfs_write+0x170/0x4e0
[   36.603083]  [<ffffffff81572089>] SyS_write+0xd9/0x1b0
[   36.608328]  [<ffffffff81571fb0>] ? SyS_read+0x1b0/0x1b0
[   36.613742]  [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   36.620285]  [<ffffffff838a6805>] entry_SYSCALL_64_fastpath+0x23/0xc6
[   36.626825] Object at ffff8801d803a500, in cache kmalloc-256 size: 256
[   36.633452] Allocated:
[   36.635908] PID = 3266
[   36.638368]  save_stack_trace+0x16/0x20
[   36.642304]  save_stack+0x43/0xd0
[   36.645717]  kasan_kmalloc+0xad/0xe0
[   36.649392]  __kmalloc+0x11d/0x310
[   36.652896]  sg_build_indirect.isra.23+0x8b/0x550
[   36.657705]  sg_build_reserve+0x8d/0xb0
[   36.661641]  sg_open+0x946/0x15a0
[   36.665055]  chrdev_open+0x22b/0x4c0
[   36.668728]  do_dentry_open+0x607/0xc60
[   36.672661]  vfs_open+0x105/0x220
[   36.676076]  path_openat+0x64c/0x2a60
[   36.679839]  do_filp_open+0x197/0x290
[   36.683617]  do_sys_open+0x352/0x4c0
[   36.687290]  SyS_open+0x2d/0x40
[   36.690532]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   36.695250] Freed:
[   36.697361] PID = 3267
[   36.699822]  save_stack_trace+0x16/0x20
[   36.703758]  save_stack+0x43/0xd0
[   36.707173]  kasan_slab_free+0x73/0xc0
[   36.711021]  kfree+0xf0/0x2f0
[   36.714091]  sg_remove_scat.isra.20+0x212/0x2d0
[   36.718720]  sg_ioctl+0x12d0/0x29f0
[   36.722308]  do_vfs_ioctl+0x1aa/0x10c0
[   36.726160]  SyS_ioctl+0x8f/0xc0
[   36.729491]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   36.734203] Memory state around the buggy address:
[   36.739095]  ffff8801d803a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.746427]  ffff8801d803a480: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   36.753747] >ffff8801d803a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   36.761066]                    ^
[   36.764395]  ffff8801d803a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   36.771716]  ffff8801d803a600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   36.779042] ==================================================================
[   36.786641] ==================================================================
[   36.793980] BUG: KASAN: wild-memory-access on address ffe70875c11d8000
[   36.800607] Write of size 38 by task syz-executor0/3266
[   36.805935] CPU: 1 PID: 3266 Comm: syz-executor0 Tainted: G    B           4.9.44-g6dda7ac #31
[   36.814648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.823972]  ffff8801d877f448 ffffffff81d929c9 ffff8801d877f618 0000000000000026
[   36.831913]  0000000000000001 ffff8801d877f840 ffe70875c11d8000 ffff8801d877f4d0
[   36.839862]  ffffffff8153ca9f 0000000000000000 0000000000000001 ffffffff81ddc284
[   36.847824] Call Trace:
[   36.850378]  [<ffffffff81d929c9>] dump_stack+0xc1/0x128
[   36.855705]  [<ffffffff8153ca9f>] kasan_report.part.1+0x40f/0x500
[   36.861900]  [<ffffffff81ddc284>] ? copy_page_from_iter+0x1a4/0x5d0
[   36.868270]  [<ffffffff814c1104>] ? __might_fault+0xe4/0x1d0
[   36.874029]  [<ffffffff8153ce70>] kasan_report+0x20/0x30
[   36.879439]  [<ffffffff8153b7b7>] check_memory_region+0x137/0x190
[   36.885632]  [<ffffffff8153b844>] kasan_check_write+0x14/0x20
[   36.891480]  [<ffffffff81ddc284>] copy_page_from_iter+0x1a4/0x5d0
[   36.897687]  [<ffffffff81cdfc15>] bio_copy_user_iov+0xb05/0xea0
[   36.903709]  [<ffffffff81cdf110>] ? bio_uncopy_user+0x600/0x600
[   36.909732]  [<ffffffff81d2fec9>] ? __bt_get+0x199/0x1f0
[   36.915152]  [<ffffffff81d13ec7>] blk_rq_map_user_iov+0x237/0x790
[   36.921350]  [<ffffffff81d13c90>] ? blk_rq_append_bio+0x1a0/0x1a0
[   36.927555]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   36.934547]  [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[   36.940743]  [<ffffffff81dd09b4>] ? import_single_range+0x1d4/0x2b0
[   36.947116]  [<ffffffff81d14531>] blk_rq_map_user+0x111/0x1a0
[   36.952970]  [<ffffffff81d14420>] ? blk_rq_map_user_iov+0x790/0x790
[   36.959340]  [<ffffffff8266011f>] ? sg_res_in_use+0x1f/0x130
[   36.965098]  [<ffffffff826601ea>] ? sg_res_in_use+0xea/0x130
[   36.970875]  [<ffffffff838a6485>] ? _raw_read_unlock_irqrestore+0x45/0x70
[   36.977850]  [<ffffffff82668c0a>] sg_common_write.isra.24+0xc1a/0x17c0
[   36.984490]  [<ffffffff82667ff0>] ? sg_open+0x15a0/0x15a0
[   36.990002]  [<ffffffff814c1104>] ? __might_fault+0xe4/0x1d0
[   36.995766]  [<ffffffff81562a38>] ? check_stack_object+0x68/0x140
[   37.001961]  [<ffffffff81562c84>] ? __check_object_size+0x174/0x3a9
[   37.008333]  [<ffffffff8266d028>] sg_write+0x688/0xad0
[   37.013579]  [<ffffffff8266c9a0>] ? sg_ioctl+0x29f0/0x29f0
[   37.019169]  [<ffffffff81e41a32>] ? depot_save_stack+0x122/0x4a0
[   37.025279]  [<ffffffff815a272e>] ? putname+0xee/0x130
[   37.030522]  [<ffffffff8153b933>] ? save_stack+0xa3/0xd0
[   37.035946]  [<ffffffff812e3478>] ? do_futex+0x3e8/0x1640
[   37.041457]  [<ffffffff81569b02>] ? do_sys_open+0x252/0x4c0
[   37.047142]  [<ffffffff81569d9d>] ? SyS_open+0x2d/0x40
[   37.052393]  [<ffffffff838a6805>] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[   37.059111]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   37.066087]  [<ffffffff814daecc>] ? __vma_link_file+0x10c/0x160
[   37.072108]  [<ffffffff814e10a1>] ? vma_wants_writenotify+0x51/0x380
[   37.078577]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   37.085553]  [<ffffffff8266c9a0>] ? sg_ioctl+0x29f0/0x29f0
[   37.091140]  [<ffffffff8156a563>] __vfs_write+0x103/0x680
[   37.096642]  [<ffffffff8156a460>] ? default_llseek+0x290/0x290
[   37.102579]  [<ffffffff811ba935>] ? __might_sleep+0x95/0x1a0
[   37.108344]  [<ffffffff81be0a99>] ? __inode_security_revalidate+0xd9/0x130
[   37.115327]  [<ffffffff81bda5d9>] ? avc_policy_seqno+0x9/0x20
[   37.121179]  [<ffffffff81beaf72>] ? selinux_file_permission+0x82/0x460
[   37.127811]  [<ffffffff81bd1689>] ? security_file_permission+0x89/0x1e0
[   37.134529]  [<ffffffff8156e025>] ? rw_verify_area+0xe5/0x2b0
[   37.140386]  [<ffffffff8156e690>] vfs_write+0x170/0x4e0
[   37.145724]  [<ffffffff81572089>] SyS_write+0xd9/0x1b0
[   37.150968]  [<ffffffff81571fb0>] ? SyS_read+0x1b0/0x1b0
[   37.156380]  [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   37.162924]  [<ffffffff838a6805>] entry_SYSCALL_64_fastpath+0x23/0xc6
[   37.169468] ==================================================================
[   37.177016] ==================================================================
[   37.184350] BUG: KASAN: wild-memory-access on address ffe70875c11d8000
[   37.190976] Write of size 38 by task syz-executor0/3266
[   37.196302] CPU: 1 PID: 3266 Comm: syz-executor0 Tainted: G    B           4.9.44-g6dda7ac #31
[   37.205014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.214335]  ffff8801d877f3f8 ffffffff81d929c9 ffe70875c11d8000 0000000000000026
[   37.222296]  0000000000000001 0000000020006fdb ffe70875c11d8000 ffff8801d877f480
[   37.230251]  ffffffff8153ca9f 0000000000000000 0000000000000000 ffffffff81dc60d4
[   37.238194] Call Trace:
[   37.240745]  [<ffffffff81d929c9>] dump_stack+0xc1/0x128
[   37.246072]  [<ffffffff8153ca9f>] kasan_report.part.1+0x40f/0x500
[   37.252269]  [<ffffffff81dc60d4>] ? copy_user_handle_tail+0xb4/0xd0
[   37.258640]  [<ffffffff838a7239>] ? retint_kernel+0x2d/0x2d
[   37.264319]  [<ffffffff8153ce70>] kasan_report+0x20/0x30
[   37.269732]  [<ffffffff8153b7b7>] check_memory_region+0x137/0x190
[   37.275926]  [<ffffffff8153bc23>] memset+0x23/0x40
[   37.280819]  [<ffffffff81dc60d4>] copy_user_handle_tail+0xb4/0xd0
[   37.287014]  [<ffffffff81ddc2a0>] copy_page_from_iter+0x1c0/0x5d0
[   37.293209]  [<ffffffff81cdfc15>] bio_copy_user_iov+0xb05/0xea0
[   37.299232]  [<ffffffff81cdf110>] ? bio_uncopy_user+0x600/0x600
[   37.305251]  [<ffffffff81d2fec9>] ? __bt_get+0x199/0x1f0
[   37.310664]  [<ffffffff81d13ec7>] blk_rq_map_user_iov+0x237/0x790
[   37.316864]  [<ffffffff81d13c90>] ? blk_rq_append_bio+0x1a0/0x1a0
[   37.323067]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   37.330043]  [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[   37.336238]  [<ffffffff81dd09b4>] ? import_single_range+0x1d4/0x2b0
[   37.342605]  [<ffffffff81d14531>] blk_rq_map_user+0x111/0x1a0
[   37.348460]  [<ffffffff81d14420>] ? blk_rq_map_user_iov+0x790/0x790
[   37.354830]  [<ffffffff8266011f>] ? sg_res_in_use+0x1f/0x130
[   37.360608]  [<ffffffff826601ea>] ? sg_res_in_use+0xea/0x130
[   37.366373]  [<ffffffff838a6485>] ? _raw_read_unlock_irqrestore+0x45/0x70