keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: Insufficient bytes present for keycount 238
==================================================================
BUG: Double free or freeing an invalid pointer
Unexpected shadow byte: 0xFB
CPU: 1 PID: 16201 Comm: syz-executor6 Not tainted 4.9.41-gdb02484 #20
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff88019845fb70 ffffffff81d92609 ffff8801da001b40 ffff8801d1a8c080
 ffff8801d1a8c090 ffffffff82a73968 0000000000000282 ffff88019845fb98
 ffffffff8153c1bc 00000000fffffffb ffff8801da001b40 ffff8801d1a8c080
Call Trace:
 [] dump_stack+0xc1/0x128 /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-integrity.c:49
 [] kasan_object_err+0x1c/0x70 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:4539
 [] calculate_order /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3244 [inline]
 [] kasan_report_double_free+0x53/0x80 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3506
 [] create_unique_id /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:5556 [inline]
 [] kasan_slab_free+0x9d/0xc0 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:5590
 [] trace /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:972 [inline]
 [] kfree+0xf0/0x2f0 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:1085
 [] keychord_write+0x628/0x820 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/input/misc/gpio_input.c:305
 [] SYSC_faccessat /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:385 [inline]
 [] __vfs_write+0x103/0x680 /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:363
 [] vfs_write+0x170/0x4e0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/read_write.c:1765
 [] SyS_write+0xd9/0x1b0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/read_write.c:898
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801d1a8c080, in cache kmalloc-16 size: 16
Allocated:
PID = 16201
 save_stack_trace+0x16/0x20 /syzkaller/managers/android-49-kasan-gce/kernel/arch/x86/kernel/stacktrace.c:57
 compound_head /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/page-flags.h:146 [inline]
 virt_to_head_page /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/mm.h:557 [inline]
 build_detached_freelist /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3055 [inline]
 save_stack+0x43/0xd0 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3085
 kasan_kmalloc+0xad/0xe0 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3868
 compound_head /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/page-flags.h:146 [inline]
 __SetPageSlab /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/page-flags.h:265 [inline]
 allocate_slab /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:1583 [inline]
 __kmalloc+0x11d/0x310 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:1635
 keychord_write+0x6d/0x820 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/input/misc/gpio_input.c:130
 SYSC_faccessat /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:385 [inline]
 __vfs_write+0x103/0x680 /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:363
 vfs_write+0x170/0x4e0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/read_write.c:1765
 SyS_write+0xd9/0x1b0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/read_write.c:898
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 16203
 save_stack_trace+0x16/0x20 /syzkaller/managers/android-49-kasan-gce/kernel/arch/x86/kernel/stacktrace.c:57
 compound_head /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/page-flags.h:146 [inline]
 virt_to_head_page /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/mm.h:557 [inline]
 build_detached_freelist /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3055 [inline]
 save_stack+0x43/0xd0 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3085
 create_unique_id /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:5553 [inline]
 kasan_slab_free+0x73/0xc0 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:5590
 trace /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:972 [inline]
 kfree+0xf0/0x2f0 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:1085
 keychord_write+0x15d/0x820 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/input/misc/gpio_input.c:60
 SYSC_faccessat /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:385 [inline]
 __vfs_write+0x103/0x680 /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:363
 vfs_write+0x170/0x4e0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/read_write.c:1765
 SyS_write+0xd9/0x1b0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/read_write.c:898
 entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
keychord: Insufficient bytes present for keycount 238
binder: 16247:16248 ioctl 5473 207cd000 returned -22
binder: 16247:16248 ioctl 5473 207cd000 returned -22
binder: 16261:16270 ioctl 80045430 7f2556f1ec2c returned -22
binder: 16261:16270 ioctl c0286404 207e2fd8 returned -22
binder: 16261:16299 ioctl 80045430 7f2556edcc2c returned -22
binder: 16261:16299 ioctl c0286404 207e2fd8 returned -22
binder: 16457:16459 ioctl 401845ef 20480000 returned -22
selinux_nlmsg_perm: 19 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pig=16460 comm=syz-executor5
9pnet_virtio: no channels available for device ./bus
binder: 16457:16459 ioctl 401845ef 20480000 returned -22
9pnet_virtio: no channels available for device ./bus
binder: 16652:16654 ioctl 4c01 0 returned -22
binder: 16652:16668 ioctl 4c01 0 returned -22
IPVS: Creating netns size=2536 id=16
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
IPVS: Creating netns size=2536 id=17
binder: 16881:16883 ioctl 540f 2075f000 returned -22
binder: 16881:16883 ioctl 540f 20b2cffc returned -22
binder: 16881:16883 ioctl 8934 20993000 returned -22
binder: 16881:16883 ioctl c08c5332 20762000 returned -22
binder: 16881:16883 ioctl 5412 199 returned -22
binder: 16881:16883 ioctl 5417 2040cffc returned -22
binder: 16881:16913 ioctl 540f 2075f000 returned -22
binder: 16881:16883 ioctl 540f 20b2cffc returned -22
binder: 16881:16922 ioctl 8934 20993000 returned -22
binder: 16881:16883 ioctl c08c5332 20762000 returned -22
binder: 16881:16913 ioctl 5412 199 returned -22
binder: 16881:16922 ioctl 5417 2040cffc returned -22
nla_parse: 19 callbacks suppressed
netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor5'.
keychord: Insufficient bytes present for keycount 34
keychord: Insufficient bytes present for keycount 34
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=17224 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=17308 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=101 sclass=netlink_route_socket pig=17308 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=17308 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=101 sclass=netlink_route_socket pig=17331 comm=syz-executor0
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
9pnet_virtio: no channels available for device ./bus
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=45 sclass=netlink_xfrm_socket pig=17361 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=45 sclass=netlink_xfrm_socket pig=17387 comm=syz-executor3
binder: 17472:17476 ioctl 80045430 7f9be1824c2c returned -22
binder: 17472:17476 ioctl 80045430 7f9be1824c2c returned -22
netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 1 bytes leftover after parsing attributes in process `'+'.
netlink: 1 bytes leftover after parsing attributes in process `'+'.
binder: 17527:17531 ioctl 8953 208f4fbc returned -22
device lo left promiscuous mode
binder: 17527:17531 ioctl 8953 208f4fbc returned -22
9pnet_virtio: no channels available for device ./bus
9pnet_virtio: no channels available for device ./bus
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6405 sclass=netlink_route_socket pig=17612 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6405 sclass=netlink_route_socket pig=17612 comm=syz-executor5
netlink: 11 bytes leftover after parsing attributes in process `syz-executor5'.
cgroup: cgroup2: unknown option ""
binder: 17992:17995 ioctl 4b6a 20df7fb3 returned -22
cgroup: cgroup2: unknown option ""
binder: 17992:17995 ioctl 4b6a 20df7fb3 returned -22