INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: 
INIT: Id "6" respawning too fast: disabled for 5 minutes

INIT: Id "5" respawning too fast: disabled for 5 minutes

INIT: Id "1" respawning too fast: disabled for 5 minutes

INIT: Id "4" respawning too fast: disabled for 5 minutes

INIT: Id "2" respawning too fast: disabled for 5 minutes

INIT: Id "3" respawning too fast: disabled for 5 minutes
Warning: Permanently added 'ci-android-49-kasan-gce-6,10.128.0.33' (ECDSA) to the list of known hosts.
2017/08/13 11:41:29 parsed 1 programs
2017/08/13 11:41:29 executed programs: 0
2017/08/13 11:41:34 executed programs: 375
[  119.356204] ==================================================================
[  119.363569] BUG: KASAN: use-after-free in bio_copy_user_iov+0xe61/0xea0 at addr ffff8801cfc55000
[  119.372458] Read of size 8 by task syz-executor3/5495
[  119.377614] CPU: 1 PID: 5495 Comm: syz-executor3 Not tainted 4.9.42-g02f29ab #24
[  119.385110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  119.394436]  ffff8801d6bef4c0 ffffffff81d92909 ffff8801da0013c0 ffff8801cfc55000
[  119.402411]  ffff8801cfc55100 ffffed0039f8aa00 ffff8801cfc55000 ffff8801d6bef4e8
[  119.410353]  ffffffff8153c51c ffffed0039f8aa00 ffff8801da0013c0 0000000000000000
[  119.418291] Call Trace:
[  119.420849]  [<ffffffff81d92909>] dump_stack+0xc1/0x128
[  119.426176]  [<ffffffff8153c51c>] kasan_object_err+0x1c/0x70
[  119.431939]  [<ffffffff8153c7dc>] kasan_report.part.1+0x21c/0x500
[  119.438135]  [<ffffffff81cdfeb1>] ? bio_copy_user_iov+0xe61/0xea0
[  119.444329]  [<ffffffff8153cb79>] __asan_report_load8_noabort+0x29/0x30
[  119.451044]  [<ffffffff81cdfeb1>] bio_copy_user_iov+0xe61/0xea0
[  119.457064]  [<ffffffff81cdf050>] ? bio_uncopy_user+0x600/0x600
[  119.463086]  [<ffffffff81e4319b>] ? __sbitmap_queue_get+0xfb/0x230
[  119.469368]  [<ffffffff81d2fe09>] ? __bt_get+0x199/0x1f0
[  119.474781]  [<ffffffff81d13e07>] blk_rq_map_user_iov+0x237/0x790
[  119.480974]  [<ffffffff81d13bd0>] ? blk_rq_append_bio+0x1a0/0x1a0
[  119.487169]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[  119.494143]  [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[  119.500339]  [<ffffffff81dd08f4>] ? import_single_range+0x1d4/0x2b0
[  119.506709]  [<ffffffff81d14471>] blk_rq_map_user+0x111/0x1a0
[  119.512556]  [<ffffffff81d14360>] ? blk_rq_map_user_iov+0x790/0x790
[  119.518926]  [<ffffffff826600af>] ? sg_res_in_use+0x1f/0x130
[  119.524685]  [<ffffffff8266017a>] ? sg_res_in_use+0xea/0x130
[  119.530452]  [<ffffffff838a56a5>] ? _raw_read_unlock_irqrestore+0x45/0x70
[  119.537346]  [<ffffffff82668b9a>] sg_common_write.isra.24+0xc1a/0x17c0
[  119.543973]  [<ffffffff82667f80>] ? sg_open+0x15a0/0x15a0
[  119.549473]  [<ffffffff814c1034>] ? __might_fault+0xe4/0x1d0
[  119.555234]  [<ffffffff81562968>] ? check_stack_object+0x68/0x140
[  119.561449]  [<ffffffff81562bb4>] ? __check_object_size+0x174/0x3a9
[  119.567820]  [<ffffffff8266cfb8>] sg_write+0x688/0xad0
[  119.573059]  [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[  119.578654]  [<ffffffff82eca0c6>] ? sock_alloc_inode+0x66/0x250
[  119.584673]  [<ffffffff82ec7221>] ? sock_alloc+0x41/0x270
[  119.590170]  [<ffffffff82ecce35>] ? __sock_create+0xa5/0x640
[  119.595933]  [<ffffffff82ecd600>] ? SyS_socket+0xf0/0x1b0
[  119.601441]  [<ffffffff838a5a05>] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[  119.608157]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[  119.615134]  [<ffffffff812e3458>] ? do_futex+0x3e8/0x1640
[  119.620632]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[  119.627623]  [<ffffffff8153b915>] ? kasan_unpoison_shadow+0x35/0x50
[  119.633996]  [<ffffffff8153ba8d>] ? kasan_kmalloc+0xad/0xe0
[  119.639680]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[  119.646652]  [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[  119.652240]  [<ffffffff8156a493>] __vfs_write+0x103/0x680
[  119.657741]  [<ffffffff8156a390>] ? default_llseek+0x290/0x290
[  119.663676]  [<ffffffff811ba935>] ? __might_sleep+0x95/0x1a0
[  119.669440]  [<ffffffff81be09c9>] ? __inode_security_revalidate+0xd9/0x130
[  119.676421]  [<ffffffff81bda509>] ? avc_policy_seqno+0x9/0x20
[  119.682275]  [<ffffffff81beaea2>] ? selinux_file_permission+0x82/0x460
[  119.688905]  [<ffffffff81bd15b9>] ? security_file_permission+0x89/0x1e0
[  119.695628]  [<ffffffff8156df55>] ? rw_verify_area+0xe5/0x2b0
[  119.701483]  [<ffffffff8156e5c0>] vfs_write+0x170/0x4e0
[  119.706810]  [<ffffffff81571fb9>] SyS_write+0xd9/0x1b0
[  119.712051]  [<ffffffff81571ee0>] ? SyS_read+0x1b0/0x1b0
[  119.717465]  [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  119.724018]  [<ffffffff838a5a05>] entry_SYSCALL_64_fastpath+0x23/0xc6
[  119.730561] Object at ffff8801cfc55000, in cache kmalloc-256 size: 256
[  119.737185] Allocated:
[  119.739643] PID = 5500
[  119.742106]  save_stack_trace+0x16/0x20
[  119.746044]  save_stack+0x43/0xd0
[  119.749462]  kasan_kmalloc+0xad/0xe0
[  119.753136]  __kmalloc+0x11d/0x310
[  119.756640]  sg_build_indirect.isra.23+0x8b/0x550
[  119.761564]  sg_build_reserve+0x8d/0xb0
[  119.765501]  sg_open+0x946/0x15a0
[  119.768915]  chrdev_open+0x22b/0x4c0
[  119.772591]  do_dentry_open+0x607/0xc60
[  119.776527]  vfs_open+0x105/0x220
[  119.779943]  path_openat+0x64c/0x2a60
[  119.783705]  do_filp_open+0x197/0x290
[  119.787470]  do_sys_open+0x352/0x4c0
[  119.791146]  SyS_open+0x2d/0x40
[  119.794391]  entry_SYSCALL_64_fastpath+0x23/0xc6
[  119.799194] Freed:
[  119.801305] PID = 5500
[  119.803767]  save_stack_trace+0x16/0x20
[  119.807703]  save_stack+0x43/0xd0
[  119.811119]  kasan_slab_free+0x73/0xc0
[  119.814970]  kfree+0xf0/0x2f0
[  119.818042]  sg_remove_scat.isra.20+0x212/0x2d0
[  119.822672]  sg_ioctl+0x12d0/0x29f0
[  119.826264]  do_vfs_ioctl+0x1aa/0x10c0
[  119.830117]  SyS_ioctl+0x8f/0xc0
[  119.833453]  entry_SYSCALL_64_fastpath+0x23/0xc6
[  119.838170] Memory state around the buggy address:
[  119.843068]  ffff8801cfc54f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  119.850390]  ffff8801cfc54f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  119.857717] >ffff8801cfc55000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.865037]                    ^
[  119.868366]  ffff8801cfc55080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.875695]  ffff8801cfc55100: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  119.883017] ==================================================================
[  119.891073] ==================================================================
[  119.898409] BUG: KASAN: wild-memory-access on address ffe708727bd00000
[  119.905039] Write of size 2 by task syz-executor3/5495
[  119.910278] CPU: 1 PID: 5495 Comm: syz-executor3 Tainted: G    B           4.9.42-g02f29ab #24
[  119.918989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  119.928310]  ffff8801d6bef448 ffffffff81d92909 ffff8801d6bef618 0000000000000002
[  119.936360]  0000000000000001 ffff8801d6bef840 ffe708727bd00000 ffff8801d6bef4d0
[  119.944306]  ffffffff8153c9cf 0000000000000000 0000000000000001 ffffffff81ddc1c4
[  119.952248] Call Trace:
[  119.954804]  [<ffffffff81d92909>] dump_stack+0xc1/0x128
[  119.960138]  [<ffffffff8153c9cf>] kasan_report.part.1+0x40f/0x500
[  119.966352]  [<ffffffff81ddc1c4>] ? copy_page_from_iter+0x1a4/0x5d0
[  119.972808]  [<ffffffff814c1034>] ? __might_fault+0xe4/0x1d0
[  119.978568]  [<ffffffff8153cda0>] kasan_report+0x20/0x30
[  119.983997]  [<ffffffff8153b6e7>] check_memory_region+0x137/0x190
[  119.990191]  [<ffffffff8153b774>] kasan_check_write+0x14/0x20
[  119.996038]  [<ffffffff81ddc1c4>] copy_page_from_iter+0x1a4/0x5d0
[  120.002232]  [<ffffffff81cdfb55>] bio_copy_user_iov+0xb05/0xea0
[  120.008253]  [<ffffffff81cdf050>] ? bio_uncopy_user+0x600/0x600
[  120.014272]  [<ffffffff81d2fe09>] ? __bt_get+0x199/0x1f0
[  120.019687]  [<ffffffff81d13e07>] blk_rq_map_user_iov+0x237/0x790
[  120.025881]  [<ffffffff81d13bd0>] ? blk_rq_append_bio+0x1a0/0x1a0
[  120.032773]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[  120.039749]  [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[  120.045944]  [<ffffffff81dd08f4>] ? import_single_range+0x1d4/0x2b0
[  120.052314]  [<ffffffff81d14471>] blk_rq_map_user+0x111/0x1a0
[  120.058162]  [<ffffffff81d14360>] ? blk_rq_map_user_iov+0x790/0x790
[  120.064533]  [<ffffffff826600af>] ? sg_res_in_use+0x1f/0x130
[  120.070299]  [<ffffffff8266017a>] ? sg_res_in_use+0xea/0x130
[  120.076066]  [<ffffffff838a56a5>] ? _raw_read_unlock_irqrestore+0x45/0x70
[  120.082954]  [<ffffffff82668b9a>] sg_common_write.isra.24+0xc1a/0x17c0
[  120.089583]  [<ffffffff82667f80>] ? sg_open+0x15a0/0x15a0
[  120.095087]  [<ffffffff814c1034>] ? __might_fault+0xe4/0x1d0
[  120.100846]  [<ffffffff81562968>] ? check_stack_object+0x68/0x140
[  120.107041]  [<ffffffff81562bb4>] ? __check_object_size+0x174/0x3a9
[  120.113408]  [<ffffffff8266cfb8>] sg_write+0x688/0xad0
[  120.118649]  [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[  120.124238]  [<ffffffff82eca0c6>] ? sock_alloc_inode+0x66/0x250
[  120.130266]  [<ffffffff82ec7221>] ? sock_alloc+0x41/0x270
[  120.135768]  [<ffffffff82ecce35>] ? __sock_create+0xa5/0x640
[  120.141529]  [<ffffffff82ecd600>] ? SyS_socket+0xf0/0x1b0
[  120.147030]  [<ffffffff838a5a05>] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[  120.153756]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[  120.160733]  [<ffffffff812e3458>] ? do_futex+0x3e8/0x1640
[  120.166232]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[  120.173209]  [<ffffffff8153b915>] ? kasan_unpoison_shadow+0x35/0x50
[  120.179578]  [<ffffffff8153ba8d>] ? kasan_kmalloc+0xad/0xe0
[  120.185254]  [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[  120.192228]  [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[  120.197815]  [<ffffffff8156a493>] __vfs_write+0x103/0x680
[  120.203316]  [<ffffffff8156a390>] ? default_llseek+0x290/0x290
[  120.209249]  [<ffffffff811ba935>] ? __might_sleep+0x95/0x1a0
[  120.215009]  [<ffffffff81be09c9>] ? __inode_security_revalidate+0xd9/0x130
[  120.221982]  [<ffffffff81bda509>] ? avc_policy_seqno+0x9/0x20
[  120.227830]  [<ffffffff81beaea2>] ? selinux_file_permission+0x82/0x460
[  120.234470]  [<ffffffff81bd15b9>] ? security_file_permission+0x89/0x1e0
[  120.241186]  [<ffffffff8156df55>] ? rw_verify_area+0xe5/0x2b0
[  120.247030]  [<ffffffff8156e5c0>] vfs_write+0x170/0x4e0
[  120.252356]  [<ffffffff81571fb9>] SyS_write+0xd9/0x1b0
[  120.257611]  [<ffffffff81571ee0>] ? SyS_read+0x1b0/0x1b0
[  120.263032]  [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  120.269580]  [<ffffffff838a5a05>] entry_SYSCALL_64_fastpath+0x23/0xc6
[  120.276126] ==================================================================
[  120.284147] ==================================================================
[  120.291485] BUG: KASAN: wild-memory-access on address ffe708727bd00000
[  120.298200] Write of size 2 by task syz-executor3/5495
[  120.303441] CPU: 1 PID: 5495 Comm: syz-executor3 Tainted: G    B           4.9.42-g02f29ab #24
[  120.312150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  120.321472]  ffff8801d6bef3f8 ffffffff81d92909 ffe708727bd00000 0000000000000002
[  120.329411]  0000000000000001 00000000205cbf9f ffe708727bd00000 ffff8801d6bef480
[  120.337352]  ffffffff8153c9cf 0000000000000000 0000000000000000 ffffffff81dc6014
[  120.345293] Call Trace:
[  120.347844]  [<ffffffff81d92909>] dump_stack+0xc1/0x128
[  120.353173]  [<ffffffff8153c9cf>] kasan_report.part.1+0x40f/0x500