serialport: Connected to syzkaller.us-central1-c.ci-android-49-kasan-gce-5 port 1 (session ID: 3ea3d5135ab553149328fb2fa10052943d91f11adb78b390ee306b5923b1280f, active connections: 1).
INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-5,10.128.0.23' (ECDSA) to the list of known hosts.
2017/08/07 23:38:37 parsed 1 programs
2017/08/07 23:38:37 executed programs: 0
2017/08/07 23:38:42 executed programs: 2451
2017/08/07 23:38:47 executed programs: 4941
2017/08/07 23:38:52 executed programs: 7263
syzkaller login: INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
2017/08/07 23:38:57 executed programs: 9987
2017/08/07 23:39:02 executed programs: 12575
2017/08/07 23:39:07 executed programs: 14991
2017/08/07 23:39:12 executed programs: 17435
2017/08/07 23:39:17 executed programs: 19574
2017/08/07 23:39:22 executed programs: 21694
2017/08/07 23:39:27 executed programs: 23864
2017/08/07 23:39:32 executed programs: 26314
[  150.684649] ==================================================================
[  150.692074] BUG: KASAN: use-after-free in snd_seq_queue_alloc+0x47e/0x4a0 at addr ffff8801c7622000
[  150.701168] Read of size 4 by task syz-executor1/23085
[  150.706434] CPU: 1 PID: 23085 Comm: syz-executor1 Not tainted 4.9.40-g7b2727c #16
[  150.714036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  150.723372]  ffff8801cc49faa8 ffffffff81d8f109 ffff8801da001280 ffff8801c7622000
[  150.731324]  ffff8801c7622200 ffffed0038ec4400 ffff8801c7622000 ffff8801cc49fad0
[  150.739291]  ffffffff8153931c ffffed0038ec4400 ffff8801da001280 0000000000000000
[  150.747242] Call Trace:
[  150.749797]  [<ffffffff81d8f109>] dump_stack+0xc1/0x128
[  150.755131]  [<ffffffff8153931c>] kasan_object_err+0x1c/0x70
[  150.760893]  [<ffffffff815395dc>] kasan_report.part.1+0x21c/0x500
[  150.767088]  [<ffffffff83893086>] ? preempt_schedule+0x26/0x30
[  150.773024]  [<ffffffff82e096ee>] ? snd_seq_queue_alloc+0x47e/0x4a0
[  150.779395]  [<ffffffff81539949>] __asan_report_load4_noabort+0x29/0x30
[  150.786113]  [<ffffffff82e096ee>] snd_seq_queue_alloc+0x47e/0x4a0
[  150.792311]  [<ffffffff82dfdabd>] snd_seq_ioctl_create_queue+0xad/0x310
[  150.799289]  [<ffffffff82dfda10>] ? snd_seq_ioctl_delete_queue+0x90/0x90
[  150.806098]  [<ffffffff82e01146>] snd_seq_ioctl+0x226/0x4a0
[  150.811774]  [<ffffffff82e00f20>] ? snd_seq_open+0x570/0x570
[  150.817537]  [<ffffffff82e00f20>] ? snd_seq_open+0x570/0x570
[  150.823299]  [<ffffffff815a922a>] do_vfs_ioctl+0x1aa/0x10c0
[  150.828973]  [<ffffffff815a9080>] ? ioctl_preallocate+0x220/0x220
[  150.835174]  [<ffffffff81be5955>] ? selinux_file_ioctl+0x355/0x530
[  150.841471]  [<ffffffff81be5600>] ? selinux_capable+0x40/0x40
[  150.847321]  [<ffffffff815cbbc7>] ? __fget+0x47/0x3a0
[  150.852474]  [<ffffffff815cbd81>] ? __fget+0x201/0x3a0
[  150.857714]  [<ffffffff815cbda8>] ? __fget+0x228/0x3a0
[  150.862957]  [<ffffffff815cbbc7>] ? __fget+0x47/0x3a0
[  150.868114]  [<ffffffff81bce0c9>] ? security_file_ioctl+0x89/0xb0
[  150.874308]  [<ffffffff815aa1cf>] SyS_ioctl+0x8f/0xc0
[  150.879463]  [<ffffffff838a26c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
[  150.886004] Object at ffff8801c7622000, in cache kmalloc-512 size: 512
[  150.892631] Allocated:
[  150.895088] PID = 23085
[  150.897637]  save_stack_trace+0x16/0x20
[  150.901574]  save_stack+0x43/0xd0
[  150.904994]  kasan_kmalloc+0xad/0xe0
[  150.908683]  kmem_cache_alloc_trace+0xfb/0x2a0
[  150.913231]  snd_seq_queue_alloc+0x5d/0x4a0
[  150.917517]  snd_seq_ioctl_create_queue+0xad/0x310
[  150.922410]  snd_seq_ioctl+0x226/0x4a0
[  150.926260]  do_vfs_ioctl+0x1aa/0x10c0
[  150.930113]  SyS_ioctl+0x8f/0xc0
[  150.933457]  entry_SYSCALL_64_fastpath+0x23/0xc6
[  150.938183] Freed:
[  150.940295] PID = 23098
[  150.942843]  save_stack_trace+0x16/0x20
[  150.946780]  save_stack+0x43/0xd0
[  150.950199]  kasan_slab_free+0x73/0xc0
[  150.954047]  kfree+0xf0/0x2f0
[  150.957119]  queue_delete+0x90/0xb0
[  150.960795]  snd_seq_queue_delete+0x3c/0x50
[  150.965083]  snd_seq_ioctl_delete_queue+0x6a/0x90
[  150.969893]  snd_seq_ioctl+0x226/0x4a0
[  150.973744]  do_vfs_ioctl+0x1aa/0x10c0
[  150.977679]  SyS_ioctl+0x8f/0xc0
[  150.981007]  entry_SYSCALL_64_fastpath+0x23/0xc6
[  150.985724] Memory state around the buggy address:
[  150.990617]  ffff8801c7621f00: fb fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb
[  150.997937]  ffff8801c7621f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  151.005260] >ffff8801c7622000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  151.012582]                    ^
[  151.015919]  ffff8801c7622080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  151.023241]  ffff8801c7622100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  151.030562] ==================================================================