INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
Warning: Permanently added 'ci-android-49-kasan-gce-6,10.128.0.33' (ECDSA) to the list of known hosts.
2017/08/13 11:41:29 parsed 1 programs
2017/08/13 11:41:29 executed programs: 0
2017/08/13 11:41:34 executed programs: 375
[ 119.356204] ==================================================================
[ 119.363569] BUG: KASAN: use-after-free in bio_copy_user_iov+0xe61/0xea0 at addr ffff8801cfc55000
[ 119.372458] Read of size 8 by task syz-executor3/5495
[ 119.377614] CPU: 1 PID: 5495 Comm: syz-executor3 Not tainted 4.9.42-g02f29ab #24
[ 119.385110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 119.394436] ffff8801d6bef4c0 ffffffff81d92909 ffff8801da0013c0 ffff8801cfc55000
[ 119.402411] ffff8801cfc55100 ffffed0039f8aa00 ffff8801cfc55000 ffff8801d6bef4e8
[ 119.410353] ffffffff8153c51c ffffed0039f8aa00 ffff8801da0013c0 0000000000000000
[ 119.418291] Call Trace:
[ 119.420849] [<ffffffff81d92909>] dump_stack+0xc1/0x128
[ 119.426176] [<ffffffff8153c51c>] kasan_object_err+0x1c/0x70
[ 119.431939] [<ffffffff8153c7dc>] kasan_report.part.1+0x21c/0x500
[ 119.438135] [<ffffffff81cdfeb1>] ? bio_copy_user_iov+0xe61/0xea0
[ 119.444329] [<ffffffff8153cb79>] __asan_report_load8_noabort+0x29/0x30
[ 119.451044] [<ffffffff81cdfeb1>] bio_copy_user_iov+0xe61/0xea0
[ 119.457064] [<ffffffff81cdf050>] ? bio_uncopy_user+0x600/0x600
[ 119.463086] [<ffffffff81e4319b>] ? __sbitmap_queue_get+0xfb/0x230
[ 119.469368] [<ffffffff81d2fe09>] ? __bt_get+0x199/0x1f0
[ 119.474781] [<ffffffff81d13e07>] blk_rq_map_user_iov+0x237/0x790
[ 119.480974] [<ffffffff81d13bd0>] ? blk_rq_append_bio+0x1a0/0x1a0
[ 119.487169] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 119.494143] [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[ 119.500339] [<ffffffff81dd08f4>] ? import_single_range+0x1d4/0x2b0
[ 119.506709] [<ffffffff81d14471>] blk_rq_map_user+0x111/0x1a0
[ 119.512556] [<ffffffff81d14360>] ? blk_rq_map_user_iov+0x790/0x790
[ 119.518926] [<ffffffff826600af>] ? sg_res_in_use+0x1f/0x130
[ 119.524685] [<ffffffff8266017a>] ? sg_res_in_use+0xea/0x130
[ 119.530452] [<ffffffff838a56a5>] ? _raw_read_unlock_irqrestore+0x45/0x70
[ 119.537346] [<ffffffff82668b9a>] sg_common_write.isra.24+0xc1a/0x17c0
[ 119.543973] [<ffffffff82667f80>] ? sg_open+0x15a0/0x15a0
[ 119.549473] [<ffffffff814c1034>] ? __might_fault+0xe4/0x1d0
[ 119.555234] [<ffffffff81562968>] ? check_stack_object+0x68/0x140
[ 119.561449] [<ffffffff81562bb4>] ? __check_object_size+0x174/0x3a9
[ 119.567820] [<ffffffff8266cfb8>] sg_write+0x688/0xad0
[ 119.573059] [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[ 119.578654] [<ffffffff82eca0c6>] ? sock_alloc_inode+0x66/0x250
[ 119.584673] [<ffffffff82ec7221>] ? sock_alloc+0x41/0x270
[ 119.590170] [<ffffffff82ecce35>] ? __sock_create+0xa5/0x640
[ 119.595933] [<ffffffff82ecd600>] ? SyS_socket+0xf0/0x1b0
[ 119.601441] [<ffffffff838a5a05>] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[ 119.608157] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 119.615134] [<ffffffff812e3458>] ? do_futex+0x3e8/0x1640
[ 119.620632] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 119.627623] [<ffffffff8153b915>] ? kasan_unpoison_shadow+0x35/0x50
[ 119.633996] [<ffffffff8153ba8d>] ? kasan_kmalloc+0xad/0xe0
[ 119.639680] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 119.646652] [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[ 119.652240] [<ffffffff8156a493>] __vfs_write+0x103/0x680
[ 119.657741] [<ffffffff8156a390>] ? default_llseek+0x290/0x290
[ 119.663676] [<ffffffff811ba935>] ? __might_sleep+0x95/0x1a0
[ 119.669440] [<ffffffff81be09c9>] ? __inode_security_revalidate+0xd9/0x130
[ 119.676421] [<ffffffff81bda509>] ? avc_policy_seqno+0x9/0x20
[ 119.682275] [<ffffffff81beaea2>] ? selinux_file_permission+0x82/0x460
[ 119.688905] [<ffffffff81bd15b9>] ? security_file_permission+0x89/0x1e0
[ 119.695628] [<ffffffff8156df55>] ? rw_verify_area+0xe5/0x2b0
[ 119.701483] [<ffffffff8156e5c0>] vfs_write+0x170/0x4e0
[ 119.706810] [<ffffffff81571fb9>] SyS_write+0xd9/0x1b0
[ 119.712051] [<ffffffff81571ee0>] ? SyS_read+0x1b0/0x1b0
[ 119.717465] [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 119.724018] [<ffffffff838a5a05>] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 119.730561] Object at ffff8801cfc55000, in cache kmalloc-256 size: 256
[ 119.737185] Allocated:
[ 119.739643] PID = 5500
[ 119.742106] save_stack_trace+0x16/0x20
[ 119.746044] save_stack+0x43/0xd0
[ 119.749462] kasan_kmalloc+0xad/0xe0
[ 119.753136] __kmalloc+0x11d/0x310
[ 119.756640] sg_build_indirect.isra.23+0x8b/0x550
[ 119.761564] sg_build_reserve+0x8d/0xb0
[ 119.765501] sg_open+0x946/0x15a0
[ 119.768915] chrdev_open+0x22b/0x4c0
[ 119.772591] do_dentry_open+0x607/0xc60
[ 119.776527] vfs_open+0x105/0x220
[ 119.779943] path_openat+0x64c/0x2a60
[ 119.783705] do_filp_open+0x197/0x290
[ 119.787470] do_sys_open+0x352/0x4c0
[ 119.791146] SyS_open+0x2d/0x40
[ 119.794391] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 119.799194] Freed:
[ 119.801305] PID = 5500
[ 119.803767] save_stack_trace+0x16/0x20
[ 119.807703] save_stack+0x43/0xd0
[ 119.811119] kasan_slab_free+0x73/0xc0
[ 119.814970] kfree+0xf0/0x2f0
[ 119.818042] sg_remove_scat.isra.20+0x212/0x2d0
[ 119.822672] sg_ioctl+0x12d0/0x29f0
[ 119.826264] do_vfs_ioctl+0x1aa/0x10c0
[ 119.830117] SyS_ioctl+0x8f/0xc0
[ 119.833453] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 119.838170] Memory state around the buggy address:
[ 119.843068] ffff8801cfc54f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 119.850390] ffff8801cfc54f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 119.857717] >ffff8801cfc55000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.865037] ^
[ 119.868366] ffff8801cfc55080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.875695] ffff8801cfc55100: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 119.883017] ==================================================================
[ 119.891073] ==================================================================
[ 119.898409] BUG: KASAN: wild-memory-access on address ffe708727bd00000
[ 119.905039] Write of size 2 by task syz-executor3/5495
[ 119.910278] CPU: 1 PID: 5495 Comm: syz-executor3 Tainted: G B 4.9.42-g02f29ab #24
[ 119.918989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 119.928310] ffff8801d6bef448 ffffffff81d92909 ffff8801d6bef618 0000000000000002
[ 119.936360] 0000000000000001 ffff8801d6bef840 ffe708727bd00000 ffff8801d6bef4d0
[ 119.944306] ffffffff8153c9cf 0000000000000000 0000000000000001 ffffffff81ddc1c4
[ 119.952248] Call Trace:
[ 119.954804] [<ffffffff81d92909>] dump_stack+0xc1/0x128
[ 119.960138] [<ffffffff8153c9cf>] kasan_report.part.1+0x40f/0x500
[ 119.966352] [<ffffffff81ddc1c4>] ? copy_page_from_iter+0x1a4/0x5d0
[ 119.972808] [<ffffffff814c1034>] ? __might_fault+0xe4/0x1d0
[ 119.978568] [<ffffffff8153cda0>] kasan_report+0x20/0x30
[ 119.983997] [<ffffffff8153b6e7>] check_memory_region+0x137/0x190
[ 119.990191] [<ffffffff8153b774>] kasan_check_write+0x14/0x20
[ 119.996038] [<ffffffff81ddc1c4>] copy_page_from_iter+0x1a4/0x5d0
[ 120.002232] [<ffffffff81cdfb55>] bio_copy_user_iov+0xb05/0xea0
[ 120.008253] [<ffffffff81cdf050>] ? bio_uncopy_user+0x600/0x600
[ 120.014272] [<ffffffff81d2fe09>] ? __bt_get+0x199/0x1f0
[ 120.019687] [<ffffffff81d13e07>] blk_rq_map_user_iov+0x237/0x790
[ 120.025881] [<ffffffff81d13bd0>] ? blk_rq_append_bio+0x1a0/0x1a0
[ 120.032773] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 120.039749] [<ffffffff810d2ec9>] ? kvm_sched_clock_read+0x9/0x20
[ 120.045944] [<ffffffff81dd08f4>] ? import_single_range+0x1d4/0x2b0
[ 120.052314] [<ffffffff81d14471>] blk_rq_map_user+0x111/0x1a0
[ 120.058162] [<ffffffff81d14360>] ? blk_rq_map_user_iov+0x790/0x790
[ 120.064533] [<ffffffff826600af>] ? sg_res_in_use+0x1f/0x130
[ 120.070299] [<ffffffff8266017a>] ? sg_res_in_use+0xea/0x130
[ 120.076066] [<ffffffff838a56a5>] ? _raw_read_unlock_irqrestore+0x45/0x70
[ 120.082954] [<ffffffff82668b9a>] sg_common_write.isra.24+0xc1a/0x17c0
[ 120.089583] [<ffffffff82667f80>] ? sg_open+0x15a0/0x15a0
[ 120.095087] [<ffffffff814c1034>] ? __might_fault+0xe4/0x1d0
[ 120.100846] [<ffffffff81562968>] ? check_stack_object+0x68/0x140
[ 120.107041] [<ffffffff81562bb4>] ? __check_object_size+0x174/0x3a9
[ 120.113408] [<ffffffff8266cfb8>] sg_write+0x688/0xad0
[ 120.118649] [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[ 120.124238] [<ffffffff82eca0c6>] ? sock_alloc_inode+0x66/0x250
[ 120.130266] [<ffffffff82ec7221>] ? sock_alloc+0x41/0x270
[ 120.135768] [<ffffffff82ecce35>] ? __sock_create+0xa5/0x640
[ 120.141529] [<ffffffff82ecd600>] ? SyS_socket+0xf0/0x1b0
[ 120.147030] [<ffffffff838a5a05>] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[ 120.153756] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 120.160733] [<ffffffff812e3458>] ? do_futex+0x3e8/0x1640
[ 120.166232] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 120.173209] [<ffffffff8153b915>] ? kasan_unpoison_shadow+0x35/0x50
[ 120.179578] [<ffffffff8153ba8d>] ? kasan_kmalloc+0xad/0xe0
[ 120.185254] [<ffffffff8123bc30>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 120.192228] [<ffffffff8266c930>] ? sg_ioctl+0x29f0/0x29f0
[ 120.197815] [<ffffffff8156a493>] __vfs_write+0x103/0x680
[ 120.203316] [<ffffffff8156a390>] ? default_llseek+0x290/0x290
[ 120.209249] [<ffffffff811ba935>] ? __might_sleep+0x95/0x1a0
[ 120.215009] [<ffffffff81be09c9>] ? __inode_security_revalidate+0xd9/0x130
[ 120.221982] [<ffffffff81bda509>] ? avc_policy_seqno+0x9/0x20
[ 120.227830] [<ffffffff81beaea2>] ? selinux_file_permission+0x82/0x460
[ 120.234470] [<ffffffff81bd15b9>] ? security_file_permission+0x89/0x1e0
[ 120.241186] [<ffffffff8156df55>] ? rw_verify_area+0xe5/0x2b0
[ 120.247030] [<ffffffff8156e5c0>] vfs_write+0x170/0x4e0
[ 120.252356] [<ffffffff81571fb9>] SyS_write+0xd9/0x1b0
[ 120.257611] [<ffffffff81571ee0>] ? SyS_read+0x1b0/0x1b0
[ 120.263032] [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 120.269580] [<ffffffff838a5a05>] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 120.276126] ==================================================================
[ 120.284147] ==================================================================
[ 120.291485] BUG: KASAN: wild-memory-access on address ffe708727bd00000
[ 120.298200] Write of size 2 by task syz-executor3/5495
[ 120.303441] CPU: 1 PID: 5495 Comm: syz-executor3 Tainted: G B 4.9.42-g02f29ab #24
[ 120.312150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 120.321472] ffff8801d6bef3f8 ffffffff81d92909 ffe708727bd00000 0000000000000002
[ 120.329411] 0000000000000001 00000000205cbf9f ffe708727bd00000 ffff8801d6bef480
[ 120.337352] ffffffff8153c9cf 0000000000000000 0000000000000000 ffffffff81dc6014
[ 120.345293] Call Trace:
[ 120.347844] [<ffffffff81d92909>] dump_stack+0xc1/0x128
[ 120.353173] [<ffffffff8153c9cf>] kasan_report.part.1+0x40f/0x500