Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added 'ci-android-49-kasan-gce-5,10.128.0.20' (ECDSA) to the list of known hosts.
Warning: Permanently added '[ssh-serialport.googleapis.com]:9600,[216.239.38.127]:9600' (RSA) to the list of known hosts.
2017/07/23 10:45:42 parsed 1 programs
2017/07/23 10:45:42 executed programs: 0
serialport: Connected to syzkaller.us-central1-c.ci-android-49-kasan-gce-5 port 1 (session ID: 201f89a1d005da2653ee7cb8bf94b6f308d512e73777b21785d24e653ab7f20d, active connections: 1).
INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   57.264423] ==================================================================
[   57.265498] BUG: KASAN: use-after-free in skb_dequeue+0x162/0x180 at addr ffff8801c9411648
[   57.266645] Write of size 8 by task syz-executor0/3351
[   57.267376] CPU: 1 PID: 3351 Comm: syz-executor0 Not tainted 4.9.39-g5b07c2d #4
[   57.268388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   57.269695]  ffff8801c9a0f6c8 ffffffff81eacd59 ffff8801d98023c0 ffff8801c9411640
[   57.270824]  ffff8801c9411720 ffffed00392822c9 ffff8801c9411648 ffff8801c9a0f6f0
[   57.271951]  ffffffff81546bfc ffffed00392822c9 ffff8801d98023c0 0000000000000001
[   57.273087] Call Trace:
[   57.273457]  [<ffffffff81eacd59>] dump_stack+0xc1/0x128
[   57.274168]  [<ffffffff81546bfc>] kasan_object_err+0x1c/0x70
[   57.274932]  [<ffffffff81546ead>] kasan_report.part.1+0x20d/0x4e0
[   57.275782]  [<ffffffff82f12112>] ? skb_dequeue+0x162/0x180
[   57.276562]  [<ffffffff8154732c>] __asan_report_store8_noabort+0x2c/0x30
[   57.277550]  [<ffffffff82f12112>] skb_dequeue+0x162/0x180
[   57.278280]  [<ffffffff82f187f6>] skb_queue_purge+0x26/0x40
[   57.279035]  [<ffffffff8359ffa7>] pfkey_sock_destruct+0x157/0x370
[   57.279872]  [<ffffffff8359fe84>] ? pfkey_sock_destruct+0x34/0x370
[   57.280776]  [<ffffffff8359fe50>] ? pfkey_is_alive+0x470/0x470
[   57.281585]  [<ffffffff82f08c93>] __sk_destruct+0x53/0x570
[   57.282337]  [<ffffffff82f0d397>] sk_destruct+0x47/0x80
[   57.283143]  [<ffffffff82f0d427>] __sk_free+0x57/0x230
[   57.283857]  [<ffffffff82f0d623>] sk_free+0x23/0x30
[   57.284521]  [<ffffffff8359176e>] pfkey_release+0x25e/0x2f0
[   57.290206]  [<ffffffff82ef8980>] ? sock_release+0x1e0/0x1e0
[   57.295966]  [<ffffffff82ef882d>] sock_release+0x8d/0x1e0
[   57.301473]  [<ffffffff82ef8996>] sock_close+0x16/0x20
[   57.306717]  [<ffffffff8157bfdc>] __fput+0x28c/0x6e0
[   57.311786]  [<ffffffff8157c4b5>] ____fput+0x15/0x20
[   57.316852]  [<ffffffff81196f95>] task_work_run+0x115/0x190
[   57.322534]  [<ffffffff8113eb7e>] do_exit+0x82e/0x2a50
[   57.327780]  [<ffffffff81237fb0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   57.334757]  [<ffffffff8113e350>] ? release_task+0x1240/0x1240
[   57.340694]  [<ffffffff811cb38a>] ? wake_up_q+0x8a/0xe0
[   57.346061]  [<ffffffff812d6983>] ? drop_futex_key_refs.isra.12+0x63/0xd0
[   57.352952]  [<ffffffff8115c9f3>] ? __dequeue_signal+0xa3/0x550
[   57.358973]  [<ffffffff8115c712>] ? recalc_sigpending+0x72/0x90
[   57.364996]  [<ffffffff81145308>] do_group_exit+0x108/0x320
[   57.370670]  [<ffffffff8116766c>] get_signal+0x55c/0x1600
[   57.376172]  [<ffffffff81054b7f>] do_signal+0x7f/0x1940
[   57.381501]  [<ffffffff81054b00>] ? setup_sigcontext+0x7d0/0x7d0
[   57.387694]  [<ffffffff81648566>] ? fsnotify+0x86/0xf30
[   57.393027]  [<ffffffff81d7c3a2>] ? apparmor_file_permission+0x22/0x30
[   57.399656]  [<ffffffff812df006>] ? SyS_futex+0x226/0x2c0
[   57.405163]  [<ffffffff810039df>] ? exit_to_usermode_loop+0xaf/0x130
[   57.411627]  [<ffffffff81003a15>] exit_to_usermode_loop+0xe5/0x130
[   57.417909]  [<ffffffff81006260>] syscall_return_slowpath+0x1a0/0x1e0
[   57.424452]  [<ffffffff83965966>] entry_SYSCALL_64_fastpath+0xc4/0xc6
[   57.430993] Object at ffff8801c9411640, in cache skbuff_head_cache size: 224
[   57.438139] Allocated:
[   57.440597] PID = 3351
[   57.443060]  save_stack_trace+0x16/0x20
[   57.446998]  save_stack+0x43/0xd0
[   57.450415]  kasan_kmalloc+0xad/0xe0
[   57.454093]  kasan_slab_alloc+0x12/0x20
[   57.458029]  kmem_cache_alloc_node+0x107/0x2a0
[   57.462575]  __alloc_skb+0xef/0x600
[   57.466164]  pfkey_xfrm_policy2msg_prep+0x29/0x50
[   57.470971]  dump_sp+0xa8/0x450
[   57.474213]  xfrm_policy_walk+0x1b1/0x4d0
[   57.478322]  pfkey_dump_sp+0x42/0x50
[   57.481995]  pfkey_do_dump+0x40/0x2b0
[   57.485758]  pfkey_spddump+0x187/0x1e0
[   57.489605]  pfkey_process+0x606/0x710
[   57.493452]  pfkey_sendmsg+0x3af/0x750
[   57.497304]  sock_sendmsg+0xca/0x110
[   57.500980]  sock_write_iter+0x21d/0x3a0
[   57.505002]  __vfs_write+0x4ac/0x660
[   57.508678]  vfs_write+0x170/0x4e0
[   57.512178]  SyS_write+0xd4/0x1a0
[   57.515598]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   57.520313] Freed:
[   57.522426] PID = 3351
[   57.524890]  save_stack_trace+0x16/0x20
[   57.528824]  save_stack+0x43/0xd0
[   57.532239]  kasan_slab_free+0x73/0xc0
[   57.536085]  kmem_cache_free+0xb2/0x2e0
[   57.540027]  kfree_skbmem+0xd7/0xf0
[   57.543619]  __kfree_skb+0x1d/0x20
[   57.547119]  kfree_skb+0xcc/0x330
[   57.550535]  pfkey_broadcast+0x3d6/0x5f0
[   57.554570]  pfkey_do_dump+0x20e/0x2b0
[   57.558419]  pfkey_spddump+0x187/0x1e0
[   57.562271]  pfkey_process+0x606/0x710
[   57.566120]  pfkey_sendmsg+0x3af/0x750
[   57.569970]  sock_sendmsg+0xca/0x110
[   57.573647]  sock_write_iter+0x21d/0x3a0
[   57.577670]  __vfs_write+0x4ac/0x660
[   57.581346]  vfs_write+0x170/0x4e0
[   57.584849]  SyS_write+0xd4/0x1a0
[   57.588266]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   57.592980] Memory state around the buggy address:
[   57.597877]  ffff8801c9411500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.605201]  ffff8801c9411580: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   57.612523] >ffff8801c9411600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   57.619846]                                               ^
[   57.625529]  ffff8801c9411680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.632851]  ffff8801c9411700: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   57.640170] ==================================================================
[   57.647491] Disabling lock debugging due to kernel taint
[   57.653139] ==================================================================
[   57.660478] BUG: KASAN: use-after-free in skb_dequeue+0x176/0x180 at addr ffff8801c9411640
[   57.668845] Read of size 8 by task syz-executor0/3351
[   57.674002] CPU: 1 PID: 3351 Comm: syz-executor0 Tainted: G    B           4.9.39-g5b07c2d #4
[   57.682631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   57.691948]  ffff8801c9a0f6c8 ffffffff81eacd59 ffff8801d98023c0 ffff8801c9411640
[   57.699887]  ffff8801c9411720 ffffed00392822c8 ffff8801c9411640 ffff8801c9a0f6f0
[   57.707839]  ffffffff81546bfc ffffed00392822c8 ffff8801d98023c0 0000000000000000
[   57.715777] Call Trace:
[   57.718332]  [<ffffffff81eacd59>] dump_stack+0xc1/0x128
[   57.723658]  [<ffffffff81546bfc>] kasan_object_err+0x1c/0x70
[   57.729426]  [<ffffffff81546ead>] kasan_report.part.1+0x20d/0x4e0
[   57.735618]  [<ffffffff82f12126>] ? skb_dequeue+0x176/0x180
[   57.741292]  [<ffffffff81547239>] __asan_report_load8_noabort+0x29/0x30
[   57.748005]  [<ffffffff82f12126>] skb_dequeue+0x176/0x180
[   57.753506]  [<ffffffff82f187f6>] skb_queue_purge+0x26/0x40
[   57.759179]  [<ffffffff8359ffa7>] pfkey_sock_destruct+0x157/0x370
[   57.765373]  [<ffffffff8359fe84>] ? pfkey_sock_destruct+0x34/0x370
[   57.771656]  [<ffffffff8359fe50>] ? pfkey_is_alive+0x470/0x470
[   57.777593]  [<ffffffff82f08c93>] __sk_destruct+0x53/0x570
[   57.783187]  [<ffffffff82f0d397>] sk_destruct+0x47/0x80
[   57.788525]  [<ffffffff82f0d427>] __sk_free+0x57/0x230
[   57.793763]  [<ffffffff82f0d623>] sk_free+0x23/0x30
[   57.798756]  [<ffffffff8359176e>] pfkey_release+0x25e/0x2f0
[   57.804440]  [<ffffffff82ef8980>] ? sock_release+0x1e0/0x1e0
[   57.810198]  [<ffffffff82ef882d>] sock_release+0x8d/0x1e0
[   57.815696]  [<ffffffff82ef8996>] sock_close+0x16/0x20
[   57.820934]  [<ffffffff8157bfdc>] __fput+0x28c/0x6e0
[   57.825999]  [<ffffffff8157c4b5>] ____fput+0x15/0x20
[   57.831065]  [<ffffffff81196f95>] task_work_run+0x115/0x190
[   57.836740]  [<ffffffff8113eb7e>] do_exit+0x82e/0x2a50
[   57.841979]  [<ffffffff81237fb0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   57.848957]  [<ffffffff8113e350>] ? release_task+0x1240/0x1240
[   57.854889]  [<ffffffff811cb38a>] ? wake_up_q+0x8a/0xe0
[   57.860216]  [<ffffffff812d6983>] ? drop_futex_key_refs.isra.12+0x63/0xd0
[   57.867108]  [<ffffffff8115c9f3>] ? __dequeue_signal+0xa3/0x550
[   57.873126]  [<ffffffff8115c712>] ? recalc_sigpending+0x72/0x90
[   57.879146]  [<ffffffff81145308>] do_group_exit+0x108/0x320
[   57.884819]  [<ffffffff8116766c>] get_signal+0x55c/0x1600
[   57.890320]  [<ffffffff81054b7f>] do_signal+0x7f/0x1940
[   57.895646]  [<ffffffff81054b00>] ? setup_sigcontext+0x7d0/0x7d0
[   57.901752]  [<ffffffff81648566>] ? fsnotify+0x86/0xf30
[   57.907081]  [<ffffffff81d7c3a2>] ? apparmor_file_permission+0x22/0x30
[   57.913708]  [<ffffffff812df006>] ? SyS_futex+0x226/0x2c0
[   57.919219]  [<ffffffff810039df>] ? exit_to_usermode_loop+0xaf/0x130
[   57.925672]  [<ffffffff81003a15>] exit_to_usermode_loop+0xe5/0x130
[   57.931952]  [<ffffffff81006260>] syscall_return_slowpath+0x1a0/0x1e0
[   57.938587]  [<ffffffff83965966>] entry_SYSCALL_64_fastpath+0xc4/0xc6
[   57.945128] Object at ffff8801c9411640, in cache skbuff_head_cache size: 224
[   57.952278] Allocated:
[   57.954735] PID = 3351
[   57.957198]  save_stack_trace+0x16/0x20
[   57.961136]  save_stack+0x43/0xd0
[   57.964552]  kasan_kmalloc+0xad/0xe0
[   57.968228]  kasan_slab_alloc+0x12/0x20
[   57.972165]  kmem_cache_alloc_node+0x107/0x2a0
[   57.976709]  __alloc_skb+0xef/0x600
[   57.980298]  pfkey_xfrm_policy2msg_prep+0x29/0x50
[   57.985106]  dump_sp+0xa8/0x450
[   57.988350]  xfrm_policy_walk+0x1b1/0x4d0
[   57.992459]  pfkey_dump_sp+0x42/0x50
[   57.996133]  pfkey_do_dump+0x40/0x2b0
[   57.999896]  pfkey_spddump+0x187/0x1e0
[   58.003745]  pfkey_process+0x606/0x710
[   58.007593]  pfkey_sendmsg+0x3af/0x750
[   58.011443]  sock_sendmsg+0xca/0x110
[   58.015123]  sock_write_iter+0x21d/0x3a0
[   58.019152]  __vfs_write+0x4ac/0x660
[   58.022827]  vfs_write+0x170/0x4e0
[   58.026328]  SyS_write+0xd4/0x1a0
[   58.029745]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   58.034458] Freed:
[   58.036569] PID = 3351
[   58.039033]  save_stack_trace+0x16/0x20
[   58.042968]  save_stack+0x43/0xd0
[   58.046381]  kasan_slab_free+0x73/0xc0
[   58.050228]  kmem_cache_free+0xb2/0x2e0
[   58.054167]  kfree_skbmem+0xd7/0xf0
[   58.057753]  __kfree_skb+0x1d/0x20
[   58.061256]  kfree_skb+0xcc/0x330
[   58.064672]  pfkey_broadcast+0x3d6/0x5f0
[   58.068693]  pfkey_do_dump+0x20e/0x2b0
[   58.072544]  pfkey_spddump+0x187/0x1e0
[   58.076397]  pfkey_process+0x606/0x710
[   58.080243]  pfkey_sendmsg+0x3af/0x750
[   58.084091]  sock_sendmsg+0xca/0x110
[   58.087764]  sock_write_iter+0x21d/0x3a0
[   58.091785]  __vfs_write+0x4ac/0x660
[   58.095462]  vfs_write+0x170/0x4e0
[   58.098968]  SyS_write+0xd4/0x1a0
[   58.102383]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   58.107105] Memory state around the buggy address:
[   58.112000]  ffff8801c9411500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   58.119320]  ffff8801c9411580: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   58.126641] >ffff8801c9411600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   58.133960]                                            ^
[   58.139375]  ffff8801c9411680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   58.146694]  ffff8801c9411700: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   58.154012] ==================================================================
[   58.161335] ==================================================================
[   58.168660] BUG: KASAN: use-after-free in skb_dequeue+0x169/0x180 at addr ffff8801c9411648
[   58.177022] Read of size 8 by task syz-executor0/3351
[   58.182175] CPU: 1 PID: 3351 Comm: syz-executor0 Tainted: G    B           4.9.39-g5b07c2d #4
[   58.190799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.200120]  ffff8801c9a0f6c8 ffffffff81eacd59 ffff8801d98023c0 ffff8801c9411640
[   58.208060]  ffff8801c9411720 ffffed00392822c9 ffff8801c9411648 ffff8801c9a0f6f0
[   58.216004]  ffffffff81546bfc ffffed00392822c9 ffff8801d98023c0 0000000000000000
[   58.223954] Call Trace:
[   58.226510]  [<ffffffff81eacd59>] dump_stack+0xc1/0x128
[   58.231837]  [<ffffffff81546bfc>] kasan_object_err+0x1c/0x70
[   58.237598]  [<ffffffff81546ead>] kasan_report.part.1+0x20d/0x4e0
[   58.243790]  [<ffffffff82f12119>] ? skb_dequeue+0x169/0x180
[   58.249462]  [<ffffffff81547239>] __asan_report_load8_noabort+0x29/0x30
[   58.256174]  [<ffffffff82f12119>] skb_dequeue+0x169/0x180
[   58.261674]  [<ffffffff82f187f6>] skb_queue_purge+0x26/0x40