INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-android-49-kasan-gce-4,10.128.15.194' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 43.971114] ================================================================== [ 43.972651] BUG: Double free or freeing an invalid pointer [ 43.973411] Unexpected shadow byte: 0xFB [ 43.973955] CPU: 1 PID: 3278 Comm: syzkaller107477 Not tainted 4.9.67-gf26d3c7 #106 [ 43.974982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.976199] ffff8801c51478c0 ffffffff81d906e9 ffff8801da001280 ffff8801c98b0a00 [ 43.977344] ffff8801c98b0c00 ffffffff8137a7d3 0000000000000282 ffff8801c51478e8 [ 43.978501] ffffffff8153a2cc 00000000fffffffb ffff8801da001280 ffff8801c98b0a00 [ 43.979627] Call Trace: [ 43.979984] [] dump_stack+0xc1/0x128 [ 43.980710] [] ? relay_open+0x603/0x860 [ 43.981539] [] kasan_object_err+0x1c/0x70 [ 43.982326] [] kasan_report_double_free+0x53/0x80 [ 43.983232] [] kasan_slab_free+0x9d/0xc0 [ 43.984039] [] kfree+0xf0/0x2f0 [ 43.984706] [] relay_open+0x603/0x860 [ 43.985427] [] do_blk_trace_setup+0x3e9/0x950 [ 43.986233] [] blk_trace_setup+0xe0/0x1a0 [ 43.986997] [] ? do_blk_trace_setup+0x950/0x950 [ 43.987827] [] ? disk_name+0x98/0x100 [ 43.988546] [] blk_trace_ioctl+0x1de/0x300 [ 43.989318] [] ? compat_blk_trace_setup+0x250/0x250 [ 43.990194] [] ? avc_has_extended_perms+0x3fc/0xf10 [ 43.991067] [] ? __lock_is_held+0xa1/0xf0 [ 43.991830] [] blkdev_ioctl+0xb00/0x1a60 [ 43.997513] [] ? blkpg_ioctl+0x930/0x930 [ 44.003197] [] ? __lru_cache_add+0x187/0x250 [ 44.009222] [] ? lru_cache_add+0xd9/0x1e0 [ 44.014986] [] ? handle_mm_fault+0xb12/0x2530 [ 44.021100] [] block_ioctl+0xde/0x120 [ 44.026515] [] ? blkdev_fallocate+0x440/0x440 [ 44.032624] [] do_vfs_ioctl+0x1aa/0x1140 [ 44.038312] [] ? ioctl_preallocate+0x220/0x220 [ 44.044508] [] ? selinux_file_ioctl+0x355/0x530 [ 44.050789] [] ? selinux_capable+0x40/0x40 [ 44.056636] [] ? up_read+0x1a/0x40 [ 44.061790] [] ? __do_page_fault+0x3bd/0xd40 [ 44.067810] [] ? security_file_ioctl+0x89/0xb0 [ 44.074004] [] SyS_ioctl+0x8f/0xc0 [ 44.079159] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 44.085700] Object at ffff8801c98b0a00, in cache kmalloc-512 size: 512 [ 44.092323] Allocated: [ 44.094785] PID = 3278 [ 44.097247] save_stack_trace+0x16/0x20 [ 44.101192] save_stack+0x43/0xd0 [ 44.104613] kasan_kmalloc+0xad/0xe0 [ 44.108290] kmem_cache_alloc_trace+0xfb/0x2a0 [ 44.112835] relay_open+0x91/0x860 [ 44.116341] do_blk_trace_setup+0x3e9/0x950 [ 44.120623] blk_trace_setup+0xe0/0x1a0 [ 44.124557] blk_trace_ioctl+0x1de/0x300 [ 44.128583] blkdev_ioctl+0xb00/0x1a60 [ 44.132434] block_ioctl+0xde/0x120 [ 44.136024] do_vfs_ioctl+0x1aa/0x1140 [ 44.139870] SyS_ioctl+0x8f/0xc0 [ 44.143197] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 44.147912] Freed: [ 44.150024] PID = 3278 [ 44.152485] save_stack_trace+0x16/0x20 [ 44.156419] save_stack+0x43/0xd0 [ 44.159833] kasan_slab_free+0x73/0xc0 [ 44.163680] kfree+0xf0/0x2f0 [ 44.166746] relay_destroy_channel+0x16/0x20 [ 44.17