Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added 'ci-android-49-kasan-gce-3,10.128.0.4' (ECDSA) to the list of known hosts.
Warning: Permanently added '[ssh-serialport.googleapis.com]:9600,[216.239.38.127]:9600' (RSA) to the list of known hosts.
2017/07/22 06:16:09 parsed 1 programs
2017/07/22 06:16:09 executed programs: 0
serialport: Connected to syzkaller.us-central1-c.ci-android-49-kasan-gce-3 port 1 (session ID: 991ac6dd7d74e0ab00fe3afd73e8b65410b9c4803b0214e405cf46c1252b81ec, active connections: 1).
INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 51.890830] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 51.892213] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 51.965741] ==================================================================
[ 51.974967] BUG: Double free or freeing an invalid pointer
[ 51.980570] Unexpected shadow byte: 0xFB
[ 51.984630] CPU: 1 PID: 3412 Comm: syz-executor3 Not tainted 4.9.39-g5b07c2d #4
[ 51.992050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.003899] ffff8801ca1e7b70 ffffffff81eacd59 ffff8801dac01c80 ffff8801cbc637b0
[ 52.011865] ffff8801cbc637b8 ffffffff82b495cc 0000000000000282 ffff8801ca1e7b98
[ 52.019834] ffffffff81546bfc 00000000fffffffb ffff8801dac01c80 ffff8801cbc637b0
[ 52.027806] Call Trace:
[ 52.030368] [] dump_stack+0xc1/0x128
[ 52.035702] [] ? keychord_write+0x5fc/0x7d0
[ 52.041639] [] kasan_object_err+0x1c/0x70
[ 52.047525] [] kasan_report_double_free+0x44/0x60
[ 52.054133] [] kasan_slab_free+0x9d/0xc0
[ 52.059838] [] kfree+0xf0/0x2f0
[ 52.064739] [] keychord_write+0x5fc/0x7d0
[ 52.070516] [] ? keychord_read+0x4f0/0x4f0
[ 52.076387] [] __vfs_write+0xfb/0x660
[ 52.081823] [] ? check_preemption_disabled+0x3b/0x200
[ 52.088645] [] ? default_llseek+0x290/0x290
[ 52.094594] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 52.101316] [] ? common_file_perm+0x14f/0x390
[ 52.107426] [] ? apparmor_file_permission+0x22/0x30
[ 52.114056] [] ? security_file_permission+0x89/0x1e0
[ 52.120772] [] ? rw_verify_area+0xe5/0x2b0
[ 52.126619] [] vfs_write+0x170/0x4e0
[ 52.131953] [] SyS_write+0xd4/0x1a0
[ 52.137193] [] ? SyS_read+0x1a0/0x1a0
[ 52.142608] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 52.149414] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 52.155959] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 52.162507] Object at ffff8801cbc637b0, in cache kmalloc-8 size: 8
[ 52.168792] Allocated:
[ 52.171251] PID = 3412
[ 52.173721] save_stack_trace+0x16/0x20
[ 52.177657] save_stack+0x43/0xd0
[ 52.181074] kasan_kmalloc+0xad/0xe0
[ 52.184751] __kmalloc+0x128/0x320
[ 52.188255] keychord_write+0x6d/0x7d0
[ 52.192104] __vfs_write+0xfb/0x660
[ 52.195691] vfs_write+0x170/0x4e0
[ 52.199194] SyS_write+0xd4/0x1a0
[ 52.202610] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 52.207324] Freed:
[ 52.209436] PID = 3422
[ 52.211896] save_stack_trace+0x16/0x20
[ 52.215832] save_stack+0x43/0xd0
[ 52.219245] kasan_slab_free+0x73/0xc0
[ 52.223093] kfree+0xf0/0x2f0
[ 52.226159] keychord_write+0x150/0x7d0
[ 52.230095] __vfs_write+0xfb/0x660
[ 52.233685] vfs_write+0x170/0x4e0
[ 52.237198] SyS_write+0xd4/0x1a0
[ 52.240624] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 52.245347] ==================================================================
[ 52.252667] Disabling lock debugging due to kernel taint
[ 52.258082] ==================================================================
[ 52.258656] keychord: using input dev AT Translated Set 2 keyboard for fevent
[ 52.272699] BUG: Double free or freeing an invalid pointer
[ 52.278289] Unexpected shadow byte: 0xFB
[ 52.282315] CPU: 0 PID: 3416 Comm: syz-executor7 Tainted: G B 4.9.39-g5b07c2d #4
[ 52.290941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.300258] ffff8801c99f7b70 ffffffff81eacd59 ffff8801dac01c80 ffff8801cc7e65a0
[ 52.308204] ffff8801cc7e65a8 ffffffff82b495cc 0000000000000282 ffff8801c99f7b98
[ 52.316152] ffffffff81546bfc 00000000fffffffb ffff8801dac01c80 ffff8801cc7e65a0
[ 52.324095] Call Trace:
[ 52.326652] [] dump_stack+0xc1/0x128
[ 52.331986] [] ? keychord_write+0x5fc/0x7d0
[ 52.337922] [] kasan_object_err+0x1c/0x70
[ 52.343685] [] kasan_report_double_free+0x44/0x60
[ 52.350140] [] kasan_slab_free+0x9d/0xc0
[ 52.355812] [] kfree+0xf0/0x2f0
[ 52.360706] [] keychord_write+0x5fc/0x7d0
[ 52.366474] [] ? keychord_read+0x4f0/0x4f0
[ 52.372322] [] __vfs_write+0xfb/0x660
[ 52.377744] [] ? check_preemption_disabled+0x3b/0x200
[ 52.384545] [] ? default_llseek+0x290/0x290
[ 52.390481] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 52.397201] [] ? common_file_perm+0x14f/0x390
[ 52.403307] [] ? apparmor_file_permission+0x22/0x30
[ 52.409942] [] ? security_file_permission+0x89/0x1e0
[ 52.416656] [] ? rw_verify_area+0xe5/0x2b0
[ 52.422504] [] vfs_write+0x170/0x4e0
[ 52.427831] [] SyS_write+0xd4/0x1a0
[ 52.433070] [] ? SyS_read+0x1a0/0x1a0
[ 52.438486] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 52.445297] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 52.451842] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 52.458383] Object at ffff8801cc7e65a0, in cache kmalloc-8 size: 8
[ 52.464661] Allocated:
[ 52.467117] PID = 3416
[ 52.469610] save_stack_trace+0x16/0x20
[ 52.473549] save_stack+0x43/0xd0
[ 52.476966] kasan_kmalloc+0xad/0xe0
[ 52.480642] __kmalloc+0x128/0x320
[ 52.484144] keychord_write+0x6d/0x7d0
[ 52.487991] __vfs_write+0xfb/0x660
[ 52.491581] vfs_write+0x170/0x4e0
[ 52.495081] SyS_write+0xd4/0x1a0
[ 52.498498] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 52.503213] Freed:
[ 52.505326] PID = 3433
[ 52.507786] save_stack_trace+0x16/0x20
[ 52.511722] save_stack+0x43/0xd0
[ 52.515146] kasan_slab_free+0x73/0xc0
[ 52.518995] kfree+0xf0/0x2f0
[ 52.522062] keychord_write+0x150/0x7d0
[ 52.525998] __vfs_write+0xfb/0x660
[ 52.529587] vfs_write+0x170/0x4e0
[ 52.533088] SyS_write+0xd4/0x1a0
[ 52.536504] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 52.541221] ==================================================================
[ 52.548545] ==================================================================
[ 52.555909] BUG: Double free or freeing an invalid pointer
[ 52.561507] Unexpected shadow byte: 0xFB
[ 52.565536] CPU: 1 PID: 3414 Comm: syz-executor1 Tainted: G B 4.9.39-g5b07c2d #4
[ 52.574163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.583499] ffff8801c9b1fb70 ffffffff81eacd59 ffff8801dac01c80 ffff8801cc7e6600
[ 52.591447] ffff8801cc7e6608 ffffffff82b495cc 0000000000000282 ffff8801c9b1fb98
[ 52.599390] ffffffff81546bfc 00000000fffffffb ffff8801dac01c80 ffff8801cc7e6600
[ 52.607329] Call Trace:
[ 52.609884] [] dump_stack+0xc1/0x128
[ 52.615225] [] ? keychord_write+0x5fc/0x7d0
[ 52.621163] [] kasan_object_err+0x1c/0x70
[ 52.626934] [] kasan_report_double_free+0x44/0x60
[ 52.633389] [] kasan_slab_free+0x9d/0xc0
[ 52.639064] [] kfree+0xf0/0x2f0
[ 52.643968] [] keychord_write+0x5fc/0x7d0
[ 52.649728] [] ? keychord_read+0x4f0/0x4f0
[ 52.655575] [] __vfs_write+0xfb/0x660
[ 52.660990] [] ? check_preemption_disabled+0x3b/0x200
[ 52.667796] [] ? default_llseek+0x290/0x290
[ 52.673745] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 52.680462] [] ? common_file_perm+0x14f/0x390
[ 52.686571] [] ? apparmor_file_permission+0x22/0x30
[ 52.693201] [] ? security_file_permission+0x89/0x1e0
[ 52.699921] [] ? rw_verify_area+0xe5/0x2b0
[ 52.705766] [] vfs_write+0x170/0x4e0
[ 52.711094] [] SyS_write+0xd4/0x1a0
[ 52.716334] [] ? SyS_read+0x1a0/0x1a0
[ 52.721749] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 52.728553] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 52.735106] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 52.741648] Object at ffff8801cc7e6600, in cache kmalloc-8 size: 8
[ 52.747927] Allocated:
[ 52.750385] PID = 3414
[ 52.752849] save_stack_trace+0x16/0x20
[ 52.756785] save_stack+0x43/0xd0
[ 52.760202] kasan_kmalloc+0xad/0xe0
[ 52.763878] __kmalloc+0x128/0x320
[ 52.767383] keychord_write+0x6d/0x7d0
[ 52.771234] __vfs_write+0xfb/0x660
[ 52.774824] vfs_write+0x170/0x4e0
[ 52.778329] SyS_write+0xd4/0x1a0
[ 52.781748] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 52.786463] Freed:
[ 52.788574] PID = 3425
[ 52.791044] save_stack_trace+0x16/0x20
[ 52.794980] save_stack+0x43/0xd0
[ 52.798394] kasan_slab_free+0x73/0xc0
[ 52.802243] kfree+0xf0/0x2f0
[ 52.805311] keychord_write+0x150/0x7d0
[ 52.809247] __vfs_write+0xfb/0x660
[ 52.812835] vfs_write+0x170/0x4e0
[ 52.816345] SyS_write+0xd4/0x1a0
[ 52.819762] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 52.824476] ==================================================================
[ 52.831803] ==================================================================
[ 52.839169] BUG: Double free or freeing an invalid pointer
[ 52.844763] Unexpected shadow byte: 0xFB
[ 52.848793] CPU: 0 PID: 3415 Comm: syz-executor5 Tainted: G B 4.9.39-g5b07c2d #4
[ 52.857417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.866734] ffff8801c9b3fb70 ffffffff81eacd59 ffff8801dac01c80 ffff8801cc7e65d0
[ 52.874678] ffff8801cc7e65d8 ffffffff82b495cc 0000000000000282 ffff8801c9b3fb98
[ 52.882617] ffffffff81546bfc 00000000fffffffb ffff8801dac01c80 ffff8801cc7e65d0
[ 52.890560] Call Trace:
[ 52.893120] [] dump_stack+0xc1/0x128
[ 52.898449] [] ? keychord_write+0x5fc/0x7d0
[ 52.904384] [] kasan_object_err+0x1c/0x70
[ 52.910147] [] kasan_report_double_free+0x44/0x60
[ 52.916599] [] kasan_slab_free+0x9d/0xc0
[ 52.922273] [] kfree+0xf0/0x2f0
[ 52.927172] [] keychord_write+0x5fc/0x7d0
[ 52.932932] [] ? keychord_read+0x4f0/0x4f0
[ 52.938779] [] __vfs_write+0xfb/0x660
[ 52.944193] [] ? check_preemption_disabled+0x3b/0x200
[ 52.950993] [] ? default_llseek+0x290/0x290
[ 52.956928] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 52.963645] [] ? common_file_perm+0x14f/0x390