pktgen: Cannot create thread for cpu 1 (-4)
IPVS: Creating netns size=2536 id=10
keychord: unsupported version 40
keychord: unsupported version 40
==================================================================
BUG: Double free or freeing an invalid pointer
Unexpected shadow byte: 0xFB
CPU: 0 PID: 3668 Comm: syz-executor1 Not tainted 4.9.41-gdb02484 #19
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ab4b7b70 ffffffff81d8f749 ffff8801da001b40 ffff8801d846e920
 ffff8801d846e930 ffffffff82a70aa8 0000000000000282 ffff8801ab4b7b98
 ffffffff8153931c 00000000fffffffb ffff8801da001b40 ffff8801d846e920
Call Trace:
 [<ffffffff81d8f749>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d8f749>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153931c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [<ffffffff81539b53>] kasan_report_double_free+0x53/0x80 mm/kasan/report.c:181
 [<ffffffff81538f0d>] kasan_slab_free+0x9d/0xc0 mm/kasan/kasan.c:562
 [<ffffffff81535a90>] slab_free_hook mm/slub.c:1355 [inline]
 [<ffffffff81535a90>] slab_free_freelist_hook mm/slub.c:1377 [inline]
 [<ffffffff81535a90>] slab_free mm/slub.c:2958 [inline]
 [<ffffffff81535a90>] kfree+0xf0/0x2f0 mm/slub.c:3878
 [<ffffffff82a70aa8>] keychord_write+0x628/0x820 drivers/input/misc/keychord.c:319
 [<ffffffff81567283>] __vfs_write+0x103/0x680 fs/read_write.c:510
 [<ffffffff8156b3b0>] vfs_write+0x170/0x4e0 fs/read_write.c:560
 [<ffffffff8156eda9>] SYSC_write fs/read_write.c:607 [inline]
 [<ffffffff8156eda9>] SyS_write+0xd9/0x1b0 fs/read_write.c:599
 [<ffffffff838a2985>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801d846e920, in cache kmalloc-16 size: 16
Allocated:
PID = 3668
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 __kmalloc+0x11d/0x310 mm/slub.c:3741
 kmalloc include/linux/slab.h:495 [inline]
 kzalloc include/linux/slab.h:636 [inline]
 keychord_write+0x6d/0x820 drivers/input/misc/keychord.c:243
 __vfs_write+0x103/0x680 fs/read_write.c:510
 vfs_write+0x170/0x4e0 fs/read_write.c:560
 SYSC_write fs/read_write.c:607 [inline]
 SyS_write+0xd9/0x1b0 fs/read_write.c:599
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 3689
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kfree+0xf0/0x2f0 mm/slub.c:3878
 keychord_write+0x15d/0x820 drivers/input/misc/keychord.c:261
 __vfs_write+0x103/0x680 fs/read_write.c:510
 vfs_write+0x170/0x4e0 fs/read_write.c:560
 SYSC_write fs/read_write.c:607 [inline]
 SyS_write+0xd9/0x1b0 fs/read_write.c:599
 entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
==================================================================
BUG: Double free or freeing an invalid pointer
Unexpected shadow byte: 0xFB
CPU: 1 PID: 3700 Comm: syz-executor1 Tainted: G    B           4.9.41-gdb02484 #19
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ab507b70 ffffffff81d8f749 ffff8801da001b40 ffff8801d1b140c0
 ffff8801d1b140d0 ffffffff82a70aa8 0000000000000282 ffff8801ab507b98
 ffffffff8153931c 00000000fffffffb ffff8801da001b40 ffff8801d1b140c0
Call Trace:
 [<ffffffff81d8f749>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d8f749>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153931c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [<ffffffff81539b53>] kasan_report_double_free+0x53/0x80 mm/kasan/report.c:181
 [<ffffffff81538f0d>] kasan_slab_free+0x9d/0xc0 mm/kasan/kasan.c:562
 [<ffffffff81535a90>] slab_free_hook mm/slub.c:1355 [inline]
 [<ffffffff81535a90>] slab_free_freelist_hook mm/slub.c:1377 [inline]
 [<ffffffff81535a90>] slab_free mm/slub.c:2958 [inline]
 [<ffffffff81535a90>] kfree+0xf0/0x2f0 mm/slub.c:3878
 [<ffffffff82a70aa8>] keychord_write+0x628/0x820 drivers/input/misc/keychord.c:319
 [<ffffffff81567283>] __vfs_write+0x103/0x680 fs/read_write.c:510
 [<ffffffff8156b3b0>] vfs_write+0x170/0x4e0 fs/read_write.c:560
 [<ffffffff8156eda9>] SYSC_write fs/read_write.c:607 [inline]
 [<ffffffff8156eda9>] SyS_write+0xd9/0x1b0 fs/read_write.c:599
 [<ffffffff838a2985>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801d1b140c0, in cache kmalloc-16 size: 16
Allocated:
PID = 3700
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 __kmalloc+0x11d/0x310 mm/slub.c:3741
 kmalloc include/linux/slab.h:495 [inline]
 kzalloc include/linux/slab.h:636 [inline]
 keychord_write+0x6d/0x820 drivers/input/misc/keychord.c:243
 __vfs_write+0x103/0x680 fs/read_write.c:510
 vfs_write+0x170/0x4e0 fs/read_write.c:560
 SYSC_write fs/read_write.c:607 [inline]
 SyS_write+0xd9/0x1b0 fs/read_write.c:599
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 3706
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kfree+0xf0/0x2f0 mm/slub.c:3878
 keychord_write+0x15d/0x820 drivers/input/misc/keychord.c:261
 __vfs_write+0x103/0x680 fs/read_write.c:510
 vfs_write+0x170/0x4e0 fs/read_write.c:560
 SYSC_write fs/read_write.c:607 [inline]
 SyS_write+0xd9/0x1b0 fs/read_write.c:599
 entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
capability: warning: `syz-executor1' uses 32-bit capabilities (legacy support in use)
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket pig=3801 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket pig=3830 comm=syz-executor4
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: using input dev AT Translated Set 2 keyboard for fevent
mmap: syz-executor4 (3953) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
syz-executor1 uses obsolete (PF_INET,SOCK_PACKET)
netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'.
binder: 4019:4027 ioctl 560a 20eafff4 returned -22
binder: 4019:4027 ioctl 4b35 7ffd returned -22
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
binder: 4019:4048 ioctl 560a 20eafff4 returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4058 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4058 comm=syz-executor4
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
binder: 4019:4027 ioctl 4b35 7ffd returned -22
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=8 sclass=netlink_tcpdiag_socket pig=4054 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=8 sclass=netlink_tcpdiag_socket pig=4083 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4058 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4058 comm=syz-executor4
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
device syz2 entered promiscuous mode
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
device syz2 left promiscuous mode
device syz2 entered promiscuous mode
keychord: Insufficient bytes present for keycount 186
keychord: Insufficient bytes present for keycount 186
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
IPv6: NLM_F_REPLACE set, but no existing node found!
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
IPv6: NLM_F_REPLACE set, but no existing node found!
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
program syz-executor6 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
program syz-executor6 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'.
sock: process `syz-executor1' is using obsolete getsockopt SO_BSDCOMPAT
device lo entered promiscuous mode
capability: warning: `syz-executor3' uses deprecated v2 capabilities in a way that may be insecure
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
IPVS: Creating netns size=2536 id=11
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
IPVS: Creating netns size=2536 id=12
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device syz0 entered promiscuous mode
device syz0 left promiscuous mode
device syz0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=5020 comm=syz-executor7
device syz7 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=5060 comm=syz-executor7
device syz7 left promiscuous mode
device syz7 entered promiscuous mode
device syz4 entered promiscuous mode
device  entered promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 70
CPU: 0 PID: 5177 Comm: syz-executor3 Tainted: G    B           4.9.41-gdb02484 #19
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ab50fb50 ffffffff81d8f749 ffff8801ab50fe30 0000000000000000
 ffff8801a97da590 ffff8801ab50fd20 ffff8801a97da480 ffff8801ab50fd48
 ffffffff8165d5c8[   57.501186] ALSA: seq fatal error: cannot create timer (-19)
 ffff8801ab50fca0 0000000000000000 00000001cacc6067
 [<ffffffff81d8f749>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d8f749>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
ALSA: seq fatal error: cannot create timer (-19)
 [<ffffffff8165d5c8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
binder: 5209:5210 ioctl c0286404 207e2fd8 returned -22
binder: 5209:5211 ioctl c0286404 207e2fd8 returned -22
 [<ffffffff814cc4ea>] do_anonymous_page mm/memory.c:2746 [inline]
 [<ffffffff814cc4ea>] handle_pte_fault mm/memory.c:3487 [inline]
 [<ffffffff814cc4ea>] __handle_mm_fault mm/memory.c:3576 [inline]
 [<ffffffff814cc4ea>] handle_mm_fault+0x1faa/0x2510 mm/memory.c:3613
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838a3b58>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
device syz4 left promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 70
CPU: 0 PID: 5177 Comm: syz-executor3 Tainted: G    B           4.9.41-gdb02484 #19
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ab50fb50 ffffffff81d8f749 ffff8801ab50fe30 0000000000000000[   57.670113] device syz4 entered promiscuous mode
 ffff8801a97da710 ffff8801ab50fd20 ffff8801a97da600 ffff8801ab50fd48
 ffffffff8165d5c8 ffff8801ab50fca0 ffff8801c7867890 00000001ac837067
Call Trace:
 [<ffffffff81d8f749>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d8f749>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165d5c8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cc4ea>] do_anonymous_page mm/memory.c:2746 [inline]
 [<ffffffff814cc4ea>] handle_pte_fault mm/memory.c:3487 [inline]
 [<ffffffff814cc4ea>] __handle_mm_fault mm/memory.c:3576 [inline]
 [<ffffffff814cc4ea>] handle_mm_fault+0x1faa/0x2510 mm/memory.c:3613
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838a3b58>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
device  left promiscuous mode
device syz4 left promiscuous mode
device syz4 entered promiscuous mode
device syz4 left promiscuous mode
device lo entered promiscuous mode
device syz4 entered promiscuous mode
selinux_nlmsg_perm: 5 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56267 sclass=netlink_route_socket pig=5415 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56267 sclass=netlink_route_socket pig=5415 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60265 sclass=netlink_route_socket pig=5531 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60265 sclass=netlink_route_socket pig=5540 comm=syz-executor5
binder: 5590:5591 ioctl 540f 20002ffc returned -22
binder: 5590:5591 ioctl 540f 20002ffc returned -22
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
nla_parse: 11 callbacks suppressed
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor4'.
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
binder: 6173:6179 ioctl 8010aa02 20c5cff0 returned -22
binder: 6173:6179 ioctl c0086420 2029e000 returned -22
binder: 6173:6179 ioctl 4008642b 20d3d000 returned -22
binder: 6173:6198 ioctl 8010aa02 20c5cff0 returned -22
binder: 6173:6179 ioctl c0086420 2029e000 returned -22
binder: 6173:6198 ioctl 4008642b 20d3d000 returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6199 comm=syz-executor3
device syz3 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6243 comm=syz-executor3
device syz3 left promiscuous mode
device syz3 entered promiscuous mode
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
9pnet_virtio: no channels available for device ./bus
9pnet_virtio: no channels available for device ./bus
device syz2 left promiscuous mode
sock: process `syz-executor5' is using obsolete setsockopt SO_BSDCOMPAT
device  entered promiscuous mode
device  left promiscuous mode
device  entered promiscuous mode
device  left promiscuous mode