Warning: Permanently added 'ci-android-49-kasan-gce-3,10.128.0.23' (ECDSA) to the list of known hosts.
serialport: Connected to syzkaller.us-central1-c.ci-android-49-kasan-gce-3 port 1 (session ID: 38bc2f26ffe50ed3dbbb729f6d3a40ace960234745b10e1fe8e2bcfc4742763b, active connections: 1).
INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

2017/07/28 01:12:36 parsed 1 programs
2017/07/28 01:12:36 executed programs: 0
syzkaller login: [ 20.730628] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 20.732634] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 20.824199] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 20.827542] ==================================================================
[ 20.827543] BUG: Double free or freeing an invalid pointer
[ 20.827545] Unexpected shadow byte: 0xFB
[ 20.827551] CPU: 1 PID: 3390 Comm: syz-executor4 Not tainted 4.9.39-ga1e4c795 #8
[ 20.827553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 20.827560]  ffff8801cefb7b78 ffffffff81eacd59 ffff8801dac01b40 ffff8801cfda89a0
[ 20.827565]  ffff8801cfda89b0 ffffffff82b495eb 0000000000000282 ffff8801cefb7ba0
[ 20.827570]  ffffffff81546bfc 00000000fffffffb ffff8801dac01b40 ffff8801cfda89a0
[ 20.827571] Call Trace:
[ 20.827583]  [] dump_stack+0xc1/0x128
[ 20.827590]  [] ? keychord_write+0x61b/0x810
[ 20.827596]  [] kasan_object_err+0x1c/0x70
[ 20.827601]  [] kasan_report_double_free+0x44/0x60
[ 20.827604]  [] kasan_slab_free+0x9d/0xc0
[ 20.827608]  [] kfree+0xf0/0x2f0
[ 20.827612]  [] keychord_write+0x61b/0x810
[ 20.827616]  [] ? keychord_read+0x4f0/0x4f0
[ 20.827620]  [] __vfs_write+0xfb/0x660
[ 20.827626]  [] ? check_preemption_disabled+0x3b/0x200
[ 20.827630]  [] ? default_llseek+0x290/0x290
[ 20.827635]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 20.827642]  [] ? common_file_perm+0x14f/0x390
[ 20.827646]  [] ? apparmor_file_permission+0x22/0x30
[ 20.827653]  [] ? security_file_permission+0x89/0x1e0
[ 20.827657]  [] ? rw_verify_area+0xe5/0x2b0
[ 20.827660]  [] vfs_write+0x170/0x4e0
[ 20.827664]  [] SyS_write+0xd4/0x1a0
[ 20.827668]  [] ? SyS_read+0x1a0/0x1a0
[ 20.827674]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 20.827679]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 20.827685]  [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 20.827688] Object at ffff8801cfda89a0, in cache kmalloc-16 size: 16
[ 20.827689] Allocated:
[ 20.827690] PID = 3390
[ 20.827695]  save_stack_trace+0x16/0x20
[ 20.827698]  save_stack+0x43/0xd0
[ 20.827701]  kasan_kmalloc+0xad/0xe0
[ 20.827703]  __kmalloc+0x128/0x320
[ 20.827706]  keychord_write+0x6d/0x810
[ 20.827709]  __vfs_write+0xfb/0x660
[ 20.827712]  vfs_write+0x170/0x4e0
[ 20.827715]  SyS_write+0xd4/0x1a0
[ 20.827717]  entry_SYSCALL_64_fastpath+0x23/0xc6
[ 20.827718] Freed:
[ 20.827719] PID = 3450
[ 20.827722]  save_stack_trace+0x16/0x20
[ 20.827724]  save_stack+0x43/0xd0
[ 20.827727]  kasan_slab_free+0x73/0xc0
[ 20.827730]  kfree+0xf0/0x2f0
[ 20.827732]  keychord_write+0x150/0x810
[ 20.827735]  __vfs_write+0xfb/0x660
[ 20.827738]  vfs_write+0x170/0x4e0
[ 20.827741]  SyS_write+0xd4/0x1a0
[ 20.827744]  entry_SYSCALL_64_fastpath+0x23/0xc6
[ 20.827745] ==================================================================
[ 20.827746] Disabling lock debugging due to kernel taint
[ 20.832270] ==================================================================
[ 20.832272] BUG: Double free or freeing an invalid pointer
[ 20.832273] Unexpected shadow byte: 0xFB
[ 20.832278] CPU: 1 PID: 3407 Comm: syz-executor1 Tainted: G B 4.9.39-ga1e4c795 #8
[ 20.832279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 20.832285]  ffff8801ce1d7b78 ffffffff81eacd59 ffff8801dac01b40 ffff8801cfda8940
[ 20.832290]  ffff8801cfda8950 ffffffff82b495eb 0000000000000282 ffff8801ce1d7ba0
[ 20.832294]  ffffffff81546bfc 00000000fffffffb ffff8801dac01b40 ffff8801cfda8940
[ 20.832295] Call Trace:
[ 20.832302]  [] dump_stack+0xc1/0x128
[ 20.832306]  [] ? keychord_write+0x61b/0x810
[ 20.832310]  [] kasan_object_err+0x1c/0x70
[ 20.832314]  [] kasan_report_double_free+0x44/0x60
[ 20.832318]  [] kasan_slab_free+0x9d/0xc0
[ 20.832321]  [] kfree+0xf0/0x2f0
[ 20.832325]  [] keychord_write+0x61b/0x810
[ 20.832329]  [] ? keychord_read+0x4f0/0x4f0
[ 20.832332]  [] __vfs_write+0xfb/0x660
[ 20.832336]  [] ? check_preemption_disabled+0x3b/0x200
[ 20.832340]  [] ? default_llseek+0x290/0x290
[ 20.832344]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 20.832348]  [] ? common_file_perm+0x14f/0x390
[ 20.832352]  [] ? apparmor_file_permission+0x22/0x30
[ 20.832357]  [] ? security_file_permission+0x89/0x1e0
[ 20.832360]  [] ? rw_verify_area+0xe5/0x2b0
[ 20.832364]  [] vfs_write+0x170/0x4e0
[ 20.832368]  [] SyS_write+0xd4/0x1a0
[ 20.832371]  [] ? SyS_read+0x1a0/0x1a0
[ 20.832376]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 20.832379]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 20.832383]  [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 20.832386] Object at ffff8801cfda8940, in cache kmalloc-16 size: 16
[ 20.832387] Allocated:
[ 20.832388] PID = 3407
[ 20.832391]  save_stack_trace+0x16/0x20
[ 20.832394]  save_stack+0x43/0xd0
[ 20.832397]  kasan_kmalloc+0xad/0xe0
[ 20.832399]  __kmalloc+0x128/0x320
[ 20.832402]  keychord_write+0x6d/0x810
[ 20.832404]  __vfs_write+0xfb/0x660
[ 20.832407]  vfs_write+0x170/0x4e0
[ 20.832410]  SyS_write+0xd4/0x1a0
[ 20.832413]  entry_SYSCALL_64_fastpath+0x23/0xc6
[ 20.832414] Freed:
[ 20.832415] PID = 3451
[ 20.832417]  save_stack_trace+0x16/0x20
[ 20.832420]  save_stack+0x43/0xd0
[ 20.832423]  kasan_slab_free+0x73/0xc0
[ 20.832425]  kfree+0xf0/0x2f0
[ 20.832428]  keychord_write+0x150/0x810
[ 20.832431]  __vfs_write+0xfb/0x660
[ 20.832434]  vfs_write+0x170/0x4e0
[ 20.832436]  SyS_write+0xd4/0x1a0
[ 20.832439]  entry_SYSCALL_64_fastpath+0x23/0xc6
[ 20.832440] ==================================================================
[ 20.841367] ==================================================================
[ 20.841368] BUG: Double free or freeing an invalid pointer
[ 20.841369] Unexpected shadow byte: 0xFB
[ 20.841374] CPU: 0 PID: 3417 Comm: syz-executor7 Tainted: G B 4.9.39-ga1e4c795 #8
[ 20.841376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 20.841382]  ffff8801c9e87b78 ffffffff81eacd59 ffff8801dac01b40 ffff8801ca566be0
[ 20.841387]  ffff8801ca566bf0 ffffffff82b495eb 0000000000000282 ffff8801c9e87ba0
[ 20.841391]  ffffffff81546bfc 00000000fffffffb ffff8801dac01b40 ffff8801ca566be0
[ 20.841392] Call Trace:
[ 20.841400]  [] dump_stack+0xc1/0x128
[ 20.841405]  [] ? keychord_write+0x61b/0x810
[ 20.841409]  [] kasan_object_err+0x1c/0x70
[ 20.841413]  [] kasan_report_double_free+0x44/0x60
[ 20.841417]  [] kasan_slab_free+0x9d/0xc0
[ 20.841420]  [] kfree+0xf0/0x2f0
[ 20.841424]  [] keychord_write+0x61b/0x810
[ 20.841428]  [] ? keychord_read+0x4f0/0x4f0
[ 20.841431]  [] __vfs_write+0xfb/0x660
[ 20.841436]  [] ? check_preemption_disabled+0x3b/0x200
[ 20.841439]  [] ? default_llseek+0x290/0x290
[ 20.841444]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 20.841448]  [] ? common_file_perm+0x14f/0x390
[ 20.841452]  [] ? apparmor_file_permission+0x22/0x30
[ 20.841457]  [] ? security_file_permission+0x89/0x1e0
[ 20.841461]  [] ? rw_verify_area+0xe5/0x2b0
[ 20.841465]  [] vfs_write+0x170/0x4e0
[ 20.841469]  [] SyS_write+0xd4/0x1a0
[ 20.841473]  [] ? SyS_read+0x1a0/0x1a0
[ 20.841477]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 20.841481]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 20.841485]  [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 20.841488] Object at ffff8801ca566be0, in cache kmalloc-16 size: 16
[ 20.841489] Allocated:
[ 20.841490] PID = 3417
[ 20.841493]  save_stack_trace+0x16/0x20
[ 20.841496]  save_stack+0x43/0xd0
[ 20.841499]  kasan_kmalloc+0xad/0xe0
[ 20.841502]  __kmalloc+0x128/0x320
[ 20.841504]  keychord_write+0x6d/0x810
[ 20.841507]  __vfs_write+0xfb/0x660
[ 20.841510]  vfs_write+0x170/0x4e0
[ 20.841513]  SyS_write+0xd4/0x1a0
[ 20.841516]  entry_SYSCALL_64_fastpath+0x23/0xc6
[ 20.841516] Freed:
[ 20.841518] PID = 3456
[ 20.841520]  save_stack_trace+0x16/0x20
[ 20.841523]  save_stack+0x43/0xd0
[ 20.841526]  kasan_slab_free+0x73/0xc0
[ 20.841528]  kfree+0xf0/0x2f0
[ 20.841531]  keychord_write+0x150/0x810
[ 20.841533]  __vfs_write+0xfb/0x660
[ 20.841536]  vfs_write+0x170/0x4e0
[ 20.841539]  SyS_write+0xd4/0x1a0
[ 20.841542]  entry_SYSCALL_64_fastpath+0x23/0xc6
[ 20.841543] ==================================================================
[ 20.841545] ==================================================================
[ 20.841547] BUG: Double free or freeing an invalid pointer
[ 20.841548] Unexpected shadow byte: 0xFB
[ 20.841553] CPU: 1 PID: 3418 Comm: syz-executor6 Tainted: G B 4.9.39-ga1e4c795 #8
[ 20.841555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 20.841560]  ffff8801c9ea7b78 ffffffff81eacd59 ffff8801dac01b40 ffff8801cfda88c0
[ 20.841565]  ffff8801cfda88d0 ffffffff82b495eb 0000000000000282 ffff8801c9ea7ba0
[ 20.841569]  ffffffff81546bfc 00000000fffffffb ffff8801dac01b40 ffff8801cfda88c0
[ 20.841570] Call Trace:
[ 20.841577]  [] dump_stack+0xc1/0x128
[ 20.841581]  [] ? keychord_write+0x61b/0x810
[ 20.841588]  [] kasan_object_err+0x1c/0x70
[ 20.841592]  [] kasan_report_double_free+0x44/0x60
[ 20.841596]  [] kasan_slab_free+0x9d/0xc0
[ 20.841599]  [] kfree+0xf0/0x2f0
[ 20.841603]  [] keychord_write+0x61b/0x810
[ 20.841606]  [] ? keychord_read+0x4f0/0x4f0
[ 20.841610]  [] __vfs_write+0xfb/0x660
[ 20.841614]  [] ? check_preemption_disabled+0x3b/0x200