keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
==================================================================
BUG: Double free or freeing an invalid pointer
Unexpected shadow byte: 0xFB
CPU: 0 PID: 24860 Comm: syz-executor5 Not tainted 4.9.41-gdb02484 #19
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c8c37b70 ffffffff81d8f749 ffff8801da001b40 ffff8801d6a337e0
 ffff8801d6a337f0 ffffffff82a70aa8 0000000000000282 ffff8801c8c37b98
 ffffffff8153931c 00000000fffffffb ffff8801da001b40 ffff8801d6a337e0
Call Trace:
 [<ffffffff81d8f749>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d8f749>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153931c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [<ffffffff81539b53>] kasan_report_double_free+0x53/0x80 mm/kasan/report.c:181
 [<ffffffff81538f0d>] kasan_slab_free+0x9d/0xc0 mm/kasan/kasan.c:562
 [<ffffffff81535a90>] slab_free_hook mm/slub.c:1355 [inline]
 [<ffffffff81535a90>] slab_free_freelist_hook mm/slub.c:1377 [inline]
 [<ffffffff81535a90>] slab_free mm/slub.c:2958 [inline]
 [<ffffffff81535a90>] kfree+0xf0/0x2f0 mm/slub.c:3878
 [<ffffffff82a70aa8>] keychord_write+0x628/0x820 drivers/input/misc/keychord.c:319
 [<ffffffff81567283>] __vfs_write+0x103/0x680 fs/read_write.c:510
 [<ffffffff8156b3b0>] vfs_write+0x170/0x4e0 fs/read_write.c:560
 [<ffffffff8156eda9>] SYSC_write fs/read_write.c:607 [inline]
 [<ffffffff8156eda9>] SyS_write+0xd9/0x1b0 fs/read_write.c:599
 [<ffffffff838a2985>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801d6a337e0, in cache kmalloc-16 size: 16
Allocated:
PID = 24860
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 __kmalloc+0x11d/0x310 mm/slub.c:3741
 kmalloc include/linux/slab.h:495 [inline]
 kzalloc include/linux/slab.h:636 [inline]
 keychord_write+0x6d/0x820 drivers/input/misc/keychord.c:243
 __vfs_write+0x103/0x680 fs/read_write.c:510
 vfs_write+0x170/0x4e0 fs/read_write.c:560
 SYSC_write fs/read_write.c:607 [inline]
 SyS_write+0xd9/0x1b0 fs/read_write.c:599
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 24864
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kfree+0xf0/0x2f0 mm/slub.c:3878
 keychord_write+0x15d/0x820 drivers/input/misc/keychord.c:261
 __vfs_write+0x103/0x680 fs/read_write.c:510
 vfs_write+0x170/0x4e0 fs/read_write.c:560
 SYSC_write fs/read_write.c:607 [inline]
 SyS_write+0xd9/0x1b0 fs/read_write.c:599
 entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
keychord: invalid keycode count 0
binder: 24947:24950 ioctl 4b4a 20000000 returned -22
binder: 24947:24966 ioctl 4b4a 20000000 returned -22
ALSA: seq fatal error: cannot create timer (-22)
nla_parse: 20 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1792 sclass=netlink_route_socket pig=25226 comm=syz-executor5
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1792 sclass=netlink_route_socket pig=25249 comm=syz-executor5
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
binder: 25395:25410 ioctl 4b45 20306000 returned -22
binder: 25395:25410 ioctl 540f 20105000 returned -22
binder: 25395:25410 ioctl 4b45 20306000 returned -22
binder: 25395:25454 ioctl 540f 20105000 returned -22
binder: 25532:25535 ioctl 5428 0 returned -22
binder: 25532:25549 ioctl 5428 0 returned -22
device syz3 entered promiscuous mode
device lo entered promiscuous mode
qtaguid: iface_stat: create(lo): no inet dev
qtaguid: iface_stat: create6(lo): no inet dev
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=25664 comm=syz-executor0
device syz3 left promiscuous mode
program syz-executor7 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=25664 comm=syz-executor0
device syz3 entered promiscuous mode
device lo left promiscuous mode
program syz-executor7 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
sg_write: data in/out 1729298428/132 bytes for SCSI command 0xfd-- guessing data in;
   program syz-executor4 not setting count and/or reply_len properly
tmpfs: Bad mount option "º®ä'Ã?ËwjÏXJÅóUâ;"La'íØÜ\´.“êçKm;j±´)dv-ÅVj¬h4GŸ)êvÜ×“¡´XæëH5³^]9³#‹T0u³xè“bÄå£°™m&²ËE¤ä}A¯VJ‹Õ…ªèÿ9
tmpfs: Bad mount option "º®ä'Ã?ËwjÏXJÅóUâ;"La'íØÜ\´.“êçKm;j±´)dv-ÅVj¬h4GŸ)êvÜ×“¡´XæëH5³^]9³#‹T0u³xè“bÄå£°™m&²ËE¤ä}A¯VJ‹Õ…ªèÿ9
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=62705 sclass=netlink_route_socket pig=25909 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=62705 sclass=netlink_route_socket pig=25928 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=25943 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=25943 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=25958 comm=syz-executor6
binder: 25999:26001 ioctl 8915 20856fe0 returned -22
binder: 25999:26001 ioctl 80404521 20000fe8 returned -22
binder: 25999:26001 ioctl 5411 20001ffc returned -22
binder: 25999:26010 ioctl 8915 20856fe0 returned -22
binder: 25999:26001 ioctl 80404521 20000fe8 returned -22
binder: 25999:26010 ioctl 5411 20001ffc returned -22
9pnet_virtio: no channels available for device ./bus
9pnet_virtio: no channels available for device ./bus
program syz-executor7 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=26268 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=26352 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=26352 comm=syz-executor6
binder: 26410:26411 ioctl 40345410 2057cfcc returned -22
binder: 26410:26415 ioctl 40345410 2057cfcc returned -22
binder: 26436:26437 ioctl 4b35 7ffd returned -22
binder: 26436:26454 ioctl 4b35 7ffd returned -22
9pnet_virtio: no channels available for device ./bus
9pnet_virtio: no channels available for device ./bus
keychord: invalid keycode count 0
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: NLM_F_CREATE should be set when creating new route
IPv6: NLM_F_CREATE should be set when creating new route
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
device lo entered promiscuous mode
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: NLM_F_CREATE should be set when creating new route
IPv6: NLM_F_CREATE should be set when creating new route
nla_parse: 170 callbacks suppressed
netlink: 13 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: RTM_NEWNEIGH with invalid address
PF_BRIDGE: RTM_NEWNEIGH with invalid address
device lo entered promiscuous mode
selinux_nlmsg_perm: 6 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket pig=27974 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket pig=27998 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket pig=28010 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket pig=28044 comm=syz-executor6
netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'.
binder: 28351:28354 ioctl 40044581 2074f000 returned -22