Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added 'ci-android-49-kasan-gce-0,10.128.0.8' (ECDSA) to the list of known hosts.
Warning: Permanently added '[ssh-serialport.googleapis.com]:9600,[216.239.38.127]:9600' (RSA) to the list of known hosts.
2017/07/22 06:29:11 parsed 1 programs
2017/07/22 06:29:11 executed programs: 0
serialport: Connected to syzkaller.us-central1-c.ci-android-49-kasan-gce-0 port 1 (session ID: 13e25806464bd42221265c0553c9833c444c739c8f85bea75c47fe8e45192732, active connections: 1).
INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 39.917495] ==================================================================
[ 39.918652] BUG: KASAN: slab-out-of-bounds in keychord_write+0x78e/0x7d0 at addr ffff8801cc3bc6ce
[ 39.919956] Read of size 2 by task syz-executor0/3367
[ 39.920752] CPU: 0 PID: 3367 Comm: syz-executor0 Not tainted 4.9.39-g5b07c2d #4
[ 39.921860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.923246] ffff8801ce0e7b70 ffffffff81eacd59 ffff8801dac01b40 ffff8801cc3bc6c0
[ 39.924524] ffff8801cc3bc6d0 ffffed00398778d9 ffff8801cc3bc6ce ffff8801ce0e7b98
[ 39.925814] ffffffff81546bfc ffffed00398778d9 ffff8801dac01b40 0000000000000000
[ 39.927038] Call Trace:
[ 39.927467] [] dump_stack+0xc1/0x128
[ 39.928178] [] kasan_object_err+0x1c/0x70
[ 39.929191] [] kasan_report.part.1+0x20d/0x4e0
[ 39.930025] [] ? keychord_write+0x78e/0x7d0
[ 39.930891] [] ? keychord_write+0x150/0x7d0
[ 39.931677] [] ? rcu_read_lock_sched_held+0x103/0x120
[ 39.932596] [] __asan_report_load2_noabort+0x29/0x30
[ 39.933524] [] keychord_write+0x78e/0x7d0
[ 39.934339] [] ? keychord_read+0x4f0/0x4f0
[ 39.935200] [] __vfs_write+0xfb/0x660
[ 39.935987] [] ? do_huge_pmd_anonymous_page+0x2ed/0xfd0
[ 39.936962] [] ? default_llseek+0x290/0x290
[ 39.939046] [] ? handle_mm_fault+0x6e6/0x2400
[ 39.945152] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 39.951953] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 39.958668] [] ? common_file_perm+0x14f/0x390
[ 39.964775] [] ? apparmor_file_permission+0x22/0x30
[ 39.971405] [] ? security_file_permission+0x89/0x1e0
[ 39.978121] [] ? rw_verify_area+0xe5/0x2b0
[ 39.983967] [] vfs_write+0x170/0x4e0
[ 39.989304] [] SyS_write+0xd4/0x1a0
[ 39.994540] [] ? SyS_read+0x1a0/0x1a0
[ 39.999952] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 40.006765] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.013314] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 40.019860] Object at ffff8801cc3bc6c0, in cache kmalloc-16 size: 16
[ 40.026311] Allocated:
[ 40.028768] PID = 3367
[ 40.031231] save_stack_trace+0x16/0x20
[ 40.035178] save_stack+0x43/0xd0
[ 40.038638] kasan_kmalloc+0xad/0xe0
[ 40.042314] __kmalloc+0x128/0x320
[ 40.045817] keychord_write+0x6d/0x7d0
[ 40.049668] __vfs_write+0xfb/0x660
[ 40.053255] vfs_write+0x170/0x4e0
[ 40.056755] SyS_write+0xd4/0x1a0
[ 40.060172] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 40.064885] Freed:
[ 40.066994] PID = 1884
[ 40.069454] save_stack_trace+0x16/0x20
[ 40.073394] save_stack+0x43/0xd0
[ 40.076808] kasan_slab_free+0x73/0xc0
[ 40.080657] kfree+0xf0/0x2f0
[ 40.083724] vfs_rename2+0x4f7/0x1800
[ 40.087486] SyS_rename+0x677/0x7b0
[ 40.091079] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 40.095792] Memory state around the buggy address:
[ 40.100684] ffff8801cc3bc580: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 40.108005] ffff8801cc3bc600: fb fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc
[ 40.115327] >ffff8801cc3bc680: f