INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-android-49-kasan-gce-6,10.128.0.14' (ECDSA) to the list of known hosts.
2017/08/10 23:42:00 parsed 1 programs
2017/08/10 23:42:00 executed programs: 0
syzkaller login: [ 33.536193] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 33.540482] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 33.545991] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 33.547456] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 33.574642] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 33.602190] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 33.635758] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 33.652924] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 33.809093] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 33.888970] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 33.959518] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 34.039155] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 34.118974] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 34.269234] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 34.328994] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 34.358184] ==================================================================
[ 34.365570] BUG: Double free or freeing an invalid pointer
[ 34.371161] Unexpected shadow byte: 0xFB
[ 34.375189] CPU: 1 PID: 3477 Comm: syz-executor0 Not tainted 4.9.41-gc6b2ed3 #21
[ 34.382684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.392004] ffff8801c780fb70 ffffffff81d92609 ffff8801da001b40 ffff8801d1b4f980
[ 34.399957] ffff8801d1b4f990 ffffffff82a73968 0000000000000282 ffff8801c780fb98
[ 34.407937] ffffffff8153c1bc 00000000fffffffb ffff8801da001b40 ffff8801d1b4f980
[ 34.415887] Call Trace:
[ 34.418446] [] dump_stack+0xc1/0x128
[ 34.423788] [] ? keychord_write+0x628/0x820
[ 34.429727] [] kasan_object_err+0x1c/0x70
[ 34.435492] [] kasan_report_double_free+0x53/0x80
[ 34.441958] [] kasan_slab_free+0x9d/0xc0
[ 34.447635] [] kfree+0xf0/0x2f0
[ 34.452541] [] keychord_write+0x628/0x820
[ 34.458307] [] ? keychord_read+0x510/0x510
[ 34.464165] [] __vfs_write+0x103/0x680
[ 34.469666] [] ? default_llseek+0x290/0x290
[ 34.475603] [] ? __might_sleep+0x95/0x1a0
[ 34.481370] [] ? __inode_security_revalidate+0xd9/0x130
[ 34.488348] [] ? avc_policy_seqno+0x9/0x20
[ 34.494199] [] ? selinux_file_permission+0x82/0x460
[ 34.500832] [] ? security_file_permission+0x89/0x1e0
[ 34.507551] [] ? rw_verify_area+0xe5/0x2b0
[ 34.513400] [] vfs_write+0x170/0x4e0
[ 34.518736] [] SyS_write+0xd9/0x1b0
[ 34.523976] [] ? SyS_read+0x1b0/0x1b0
[ 34.529400] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.535949] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 34.542494] Object at ffff8801d1b4f980, in cache kmalloc-16 size: 16
[ 34.548945] Allocated:
[ 34.551406] PID = 3477
[ 34.553868] save_stack_trace+0x16/0x20
[ 34.557808] save_stack+0x43/0xd0
[ 34.561226] kasan_kmalloc+0xad/0xe0
[ 34.564904] __kmalloc+0x11d/0x310
[ 34.568416] keychord_write+0x6d/0x820
[ 34.572275] __vfs_write+0x103/0x680
[ 34.575954] vfs_write+0x170/0x4e0
[ 34.579469] SyS_write+0xd9/0x1b0
[ 34.582889] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 34.587610] Freed:
[ 34.589721] PID = 3493
[ 34.592184] save_stack_trace+0x16/0x20
[ 34.596119] save_stack+0x43/0xd0
[ 34.599550] kasan_slab_free+0x73/0xc0
[ 34.603399] kfree+0xf0/0x2f0
[ 34.606468] keychord_write+0x15d/0x820
[ 34.610406] __vfs_write+0x103/0x680
[ 34.614088] vfs_write+0x170/0x4e0
[ 34.617590] SyS_write+0xd9/0x1b0
[ 34.621008] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 34.625730] ==================================================================
[ 34.786213] ==================================================================
[ 34.793591] BUG: Double free or freeing an invalid pointer
[ 34.799180] Unexpected shadow byte: 0xFB
[ 34.803297] CPU: 0 PID: 3524 Comm: syz-executor0 Tainted: G B 4.9.41-gc6b2ed3 #21
[ 34.812017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.821345] ffff8801d0ccfb70 ffffffff81d92609 ffff8801da001b40 ffff8801d851dd00
[ 34.829290] ffff8801d851dd10 ffffffff82a73968 0000000000000282 ffff8801d0ccfb98
[ 34.837229] ffffffff8153c1bc 00000000fffffffb ffff8801da001b40 ffff8801d851dd00
[ 34.845172] Call Trace:
[ 34.847726] [] dump_stack+0xc1/0x128
[ 34.853063] [] ? keychord_write+0x628/0x820
[ 34.859013] [] kasan_object_err+0x1c/0x70
[ 34.864784] [] kasan_report_double_free+0x53/0x80
[ 34.871255] [] kasan_slab_free+0x9d/0xc0
[ 34.876946] [] kfree+0xf0/0x2f0
[ 34.881847] [] keychord_write+0x628/0x820
[ 34.887620] [] ? keychord_read+0x510/0x510
[ 34.893485] [] __vfs_write+0x103/0x680
[ 34.899010] [] ? default_llseek+0x290/0x290
[ 34.904957] [] ? __might_sleep+0x95/0x1a0
[ 34.910725] [] ? __inode_security_revalidate+0xd9/0x130
[ 34.917711] [] ? avc_policy_seqno+0x9/0x20
[ 34.923570] [] ? selinux_file_permission+0x82/0x460
[ 34.930218] [] ? security_file_permission+0x89/0x1e0
[ 34.937029] [] ? rw_verify_area+0xe5/0x2b0
[ 34.942887] [] vfs_write+0x170/0x4e0
[ 34.948226] [] SyS_write+0xd9/0x1b0
[ 34.953473] [] ? SyS_read+0x1b0/0x1b0
[ 34.958896] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.965451] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 34.972015] Object at ffff8801d851dd00, in cache kmalloc-16 size: 16
[ 34.978471] Allocated:
[ 34.980934] PID = 3524
[ 34.983403] save_stack_trace+0x16/0x20
[ 34.987351] save_stack+0x43/0xd0
[ 34.990794] kasan_kmalloc+0xad/0xe0
[ 34.994487] __kmalloc+0x11d/0x310
[ 34.998002] keychord_write+0x6d/0x820
[ 35.001860] __vfs_write+0x103/0x680
[ 35.005561] vfs_write+0x170/0x4e0
[ 35.009079] SyS_write+0xd9/0x1b0
[ 35.012513] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 35.017235] Freed:
[ 35.019351] PID = 3565
[ 35.021819] save_stack_trace+0x16/0x20
[ 35.025777] save_stack+0x43/0xd0
[ 35.029201] kasan_slab_free+0x73/0xc0
[ 35.033084] kfree+0xf0/0x2f0
[ 35.036166] keychord_write+0x15d/0x820
[ 35.040113] __vfs_write+0x103/0x680
[ 35.043799] vfs_write+0x170/0x4e0
[ 35.047310] SyS_write+0xd9/0x1b0
[ 35.050750] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 35.055472] ==================================================================
[ 35.062805] ==================================================================
[ 35.070192] BUG: Double free or freeing an invalid pointer
[ 35.075798] Unexpected shadow byte: 0xFB
[ 35.079830] CPU: 1 PID: 3608 Comm: syz-executor2 Tainted: G B 4.9.41-gc6b2ed3 #21
[ 35.088544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.097871] ffff8801ccd6fb70 ffffffff81d92609 ffff8801da001b40 ffff8801d851d760
[ 35.105845] ffff8801d851d770 ffffffff82a73968 0000000000000282 ffff8801ccd6fb98
[ 35.113802] ffffffff8153c1bc 00000000fffffffb ffff8801da001b40 ffff8801d851d760
[ 35.121764] Call Trace:
[ 35.124324] [] dump_stack+0xc1/0x128
[ 35.129668] [] ? keychord_write+0x628/0x820
[ 35.135610] [] kasan_object_err+0x1c/0x70
[ 35.141380] [] kasan_report_double_free+0x53/0x80
[ 35.147846] [] kasan_slab_free+0x9d/0xc0
[ 35.153522] [] kfree+0xf0/0x2f0
[ 35.158419] [] keychord_write+0x628/0x820
[ 35.164181] [] ? keychord_read+0x510/0x510
[ 35.170041] [] __vfs_write+0x103/0x680
[ 35.175547] [] ? default_llseek+0x290/0x290
[ 35.181486] [] ? __might_sleep+0x95/0x1a0
[ 35.187258] [] ? __inode_security_revalidate+0xd9/0x130
[ 35.194254] [] ? avc_policy_seqno+0x9/0x20
[ 35.200114] [] ? selinux_file_permission+0x82/0x460
[ 35.206750] [] ? security_file_permission+0x89/0x1e0
[ 35.213478] [] ? rw_verify_area+0xe5/0x2b0
[ 35.219333] [] vfs_write+0x170/0x4e0
[ 35.224669] [] SyS_write+0xd9/0x1b0
[ 35.229910] [] ? SyS_read+0x1b0/0x1b0
[ 35.235338] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.241886] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 35.248438] Object at ffff8801d851d760, in cache kmalloc-16 size: 16
[ 35.254910] Allocated:
[ 35.257370] PID = 3608
[ 35.259834] save_stack_trace+0x16/0x20
[ 35.263772] save_stack+0x43/0xd0
[ 35.267190] kasan_kmalloc+0xad/0xe0
[ 35.270868] __kmalloc+0x11d/0x310
[ 35.274461] keychord_write+0x6d/0x820
[ 35.278327] __vfs_write+0x103/0x680
[ 35.282012] vfs_write+0x170/0x4e0
[ 35.285522] SyS_write+0xd9/0x1b0
[ 35.288944] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 35.293670] Freed:
[ 35.295790] PID = 3631
[ 35.298262] save_stack_trace+0x16/0x20
[ 35.302200] save_stack+0x43/0xd0
[ 35.305618] kasan_slab_free+0x73/0xc0
[ 35.309469] kfree+0xf0/0x2f0
[ 35.312541] keychord_write+0x15d/0x820
[ 35.316480] __vfs_write+0x103/0x680
[ 35.320157] vfs_write+0x170/0x4e0
[ 35.323671] SyS_write+0xd9/0x1b0
[ 35.327104] entry_SYSCALL_64_fastpath+0x23/0xc6