Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 44.415566][ T7479] binder: 7479:7479 transaction failed 29189/-22, size 0-8 line 2994
[ 44.416631][ T7484] binder: 7484:7484 transaction failed 29189/-22, size 0-8 line 2994
[ 44.428770][ T7485] binder: 7485:7485 transaction failed 29189/-22, size 0-8 line 2994
[ 44.434557][ T7486] binder: 7486:7486 transaction failed 29189/-22, size 0-8 line 2994
[ 44.443029][ T7487] binder: 7487:7487 transaction failed 29189/-22, size 0-8 line 2994
[ 44.450317][ T12] binder: undelivered TRANSACTION_ERROR: 29189
executing program
executing program
executing program
[ 44.457940][ T7488] ------------[ cut here ]------------
[ 44.467012][ T12] binder: undelivered TRANSACTION_ERROR: 29189
[ 44.467996][ T7488] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 44.469549][ T7479] binder: BINDER_SET_CONTEXT_MGR already set
[ 44.484239][ T7488] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 44.487433][ T7479] binder: 7479:7479 ioctl 40046207 0 returned -16
[ 44.493226][ T7488] CPU: 0 PID: 7488 Comm: syz-executor188 Not tainted 5.0.0-next-20190306 #4
[ 44.493234][ T7488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.493253][ T7488] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 44.493264][ T7488] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 8f ed 23 fc 4c 89 e6 4c 89 ef e8 a4 ee 23 fc 4d 39 e5 76 07 e8 7a ed 23 fc <0f> 0b e8 73 ed 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 81
[ 44.493270][ T7488] RSP: 0018:ffff88808eff7550 EFLAGS: 00010293
[ 44.503812][ T7491] binder_alloc: 7486: binder_alloc_buf, no vma
[ 44.508312][ T7488] RAX: ffff888095aa6540 RBX: 0000000020004000 RCX: ffffffff854ca6ac
executing program
[ 44.508320][ T7488] RDX: 0000000000000000 RSI: ffffffff854ca6b6 RDI: 0000000000000006
[ 44.508328][ T7488] RBP: ffff88808eff75d0 R08: ffff888095aa6540 R09: 0000000000000028
[ 44.508334][ T7488] R10: ffffed1011dfef01 R11: ffff88808eff780f R12: 0000000000000008
[ 44.508346][ T7488] R13: 0000000000000028 R14: ffff888087812b10 R15: 0000000000000000
[ 44.518521][ T7491] binder: 7491:7491 transaction failed 29189/-3, size 0-8 line 3147
[ 44.524853][ T7488] FS: 0000000000aa0940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
executing program
[ 44.524862][ T7488] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 44.524869][ T7488] CR2: 0000000000000000 CR3: 000000009a6a3000 CR4: 00000000001406f0
[ 44.524879][ T7488] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 44.524886][ T7488] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 44.524889][ T7488] Call Trace:
[ 44.524912][ T7488] ? memcpy+0x46/0x50
[ 44.545413][ T7491] binder: BINDER_SET_CONTEXT_MGR already set
[ 44.550539][ T7488] binder_alloc_copy_from_buffer+0x37/0x42
executing program
[ 44.550559][ T7488] binder_get_object+0xc3/0x200
[ 44.556993][ T7491] binder: 7491:7491 ioctl 40046207 0 returned -16
[ 44.564633][ T7488] binder_transaction+0x2b4a/0x6690
[ 44.564670][ T7488] ? binder_thread_read+0x3d50/0x3d50
[ 44.564683][ T7488] ? __lock_acquire+0x548/0x3fb0
[ 44.564700][ T7488] ? __might_fault+0x12b/0x1e0
[ 44.576917][ T7492] binder_alloc: 7486: binder_alloc_buf, no vma
[ 44.580706][ T7488] ? lock_downgrade+0x880/0x880
[ 44.580726][ T7488] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
executing program
executing program
executing program
[ 44.588781][ T7492] binder: 7492:7492 transaction failed 29189/-3, size 0-8 line 3147
[ 44.596621][ T7488] ? _copy_from_user+0xdd/0x150
[ 44.596639][ T7488] binder_thread_write+0x64a/0x2820
[ 44.596656][ T7488] ? binder_transaction+0x6690/0x6690
[ 44.596667][ T7488] ? __might_fault+0x12b/0x1e0
[ 44.596690][ T7488] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 44.605599][ T7492] binder: BINDER_SET_CONTEXT_MGR already set
[ 44.613540][ T7488] ? _copy_from_user+0xdd/0x150
[ 44.613557][ T7488] binder_ioctl+0x1033/0x183b
executing program
executing program
[ 44.613573][ T7488] ? binder_thread_write+0x2820/0x2820
[ 44.613584][ T7488] ? tomoyo_path_number_perm+0x263/0x520
[ 44.613600][ T7488] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 44.620592][ T7492] binder: 7492:7492 ioctl 40046207 0 returned -16
[ 44.628122][ T7488] ? binder_thread_write+0x2820/0x2820
[ 44.628137][ T7488] do_vfs_ioctl+0xd6e/0x1390
[ 44.628151][ T7488] ? ioctl_preallocate+0x210/0x210
[ 44.628163][ T7488] ? __do_page_fault+0x623/0xda0
[ 44.628181][ T7488] ? lock_downgrade+0x880/0x880
[ 44.640490][ T7493] binder_alloc: 7486: binder_alloc_buf, no vma
executing program
executing program
executing program
[ 44.644107][ T7488] ? tomoyo_file_ioctl+0x23/0x30
[ 44.644121][ T7488] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 44.644135][ T7488] ? security_file_ioctl+0x93/0xc0
[ 44.644148][ T7488] ksys_ioctl+0xab/0xd0
[ 44.644164][ T7488] __x64_sys_ioctl+0x73/0xb0
[ 44.647721][ T7493] binder: 7493:7493 transaction failed 29189/-3, size 0-8 line 3147
[ 44.651381][ T7488] do_syscall_64+0x103/0x610
[ 44.651395][ T7488] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 44.651426][ T7488] RIP: 0033:0x445689
[ 44.657991][ T7493] binder: BINDER_SET_CONTEXT_MGR already set
[ 44.663155][ T7488] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b cd fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 44.663163][ T7488] RSP: 002b:00007ffc2ad6c608 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.663174][ T7488] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000445689
[ 44.663181][ T7488] RDX: 00000000200003c0 RSI: 00000000c0306201 RDI: 0000000000000003
executing program
[ 44.663188][ T7488] RBP: 0000000000000000 R08: 0000000000000004 R09: 00000000004028b0
[ 44.663194][ T7488] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000402820
[ 44.663200][ T7488] R13: 00000000004028b0 R14: 0000000000000000 R15: 0000000000000000
[ 44.663211][ T7488] Modules linked in:
[ 44.668413][ T7493] binder: 7493:7493 ioctl 40046207 0 returned -16
[ 44.674665][ T12] binder: undelivered TRANSACTION_ERROR: 29189
[ 44.681412][ T7488] ---[ end trace eae4d5ab025ae256 ]---
[ 44.685537][ T7489] binder: 7489:7489 transaction failed 29189/-22, size 0-8 line 2994
[ 44.690316][ T7488] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 44.695006][ T7490] binder: 7490:7490 transaction failed 29189/-22, size 0-8 line 2994
[ 44.701237][ T7488] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 8f ed 23 fc 4c 89 e6 4c 89 ef e8 a4 ee 23 fc 4d 39 e5 76 07 e8 7a ed 23 fc <0f> 0b e8 73 ed 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 81
[ 44.707926][ T7487] binder: BINDER_SET_CONTEXT_MGR already set
[ 44.713414][ T7488] RSP: 0018:ffff88808eff7550 EFLAGS: 00010293
[ 44.720703][ T12] binder: undelivered TRANSACTION_ERROR: 29189
[ 44.728819][ T7489] binder: BINDER_SET_CONTEXT_MGR already set
[ 44.732394][ T7487] binder: 7487:7487 ioctl 40046207 0 returned -16
[ 44.736809][ T7489] binder: 7489:7489 ioctl 40046207 0 returned -16
[ 44.740489][ T7490] binder: BINDER_SET_CONTEXT_MGR already set
[ 44.746905][ T7488] RAX: ffff888095aa6540 RBX: 0000000020004000 RCX: ffffffff854ca6ac
[ 44.756043][ T7494] binder_alloc: 7495: binder_alloc_buf, no vma
[ 44.762239][ T7488] RDX: 0000000000000000 RSI: ffffffff854ca6b6 RDI: 0000000000000006
[ 44.763327][ T12] binder: undelivered TRANSACTION_ERROR: 29189
[ 44.771780][ T7488] RBP: ffff88808eff75d0 R08: ffff888095aa6540 R09: 0000000000000028
[ 44.774524][ T7494] binder: BINDER_SET_CONTEXT_MGR already set
[ 44.779778][ T7497] binder_alloc: 7495: binder_alloc_buf, no vma
[ 44.786220][ T7496] binder_alloc: 7498: binder_alloc_buf, no vma
[ 44.791754][ T7490] binder: 7490:7490 ioctl 40046207 0 returned -16
[ 44.796268][ T12] binder: undelivered TRANSACTION_ERROR: 29189
[ 44.803904][ T7488] R10: ffffed1011dfef01 R11: ffff88808eff780f R12: 0000000000000008
[ 44.806443][ T7494] binder: 7494:7494 ioctl 40046207 0 returned -16
[ 44.813894][ T7488] R13: 0000000000000028 R14: ffff888087812b10 R15: 0000000000000000
[ 44.817961][ T7496] binder: BINDER_SET_CONTEXT_MGR already set
[ 44.827284][ T7488] FS: 0000000000aa0940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 44.830658][ T7499] binder_alloc: 7497: binder_alloc_buf, no vma
[ 44.836959][ T7488] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 44.838327][ T12] binder: undelivered TRANSACTION_ERROR: 29189
[ 44.844332][ T7488] CR2: 00000000006d0090 CR3: 000000009a6a3000 CR4: 00000000001406e0
[ 44.850858][ T7499] binder: BINDER_SET_CONTEXT_MGR already set
[ 44.855094][ T7500] binder_alloc: 7497: binder_alloc_buf, no vma
[ 44.860978][ T7499] binder: 7499:7499 ioctl 40046207 0 returned -16
[ 44.865409][ T7496] binder: 7496:7496 ioctl 40046207 0 returned -16
[ 44.870870][ T12] binder: undelivered TRANSACTION_ERROR: 29189
[ 44.890722][ T7501] binder_alloc: 7497: binder_alloc_buf, no vma
[ 44.900065][ T7488] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 44.907629][ T7500] binder: BINDER_SET_CONTEXT_MGR already set
[ 44.915833][ T7488] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 44.923055][ T7500] binder: 7500:7500 ioctl 40046207 0 returned -16
[ 44.933075][ T12] binder: undelivered TRANSACTION_ERROR: 29189
[ 44.939489][ T7502] binder_alloc: 7497: binder_alloc_buf, no vma
[ 44.942996][ T7488] Kernel panic - not syncing: Fatal exception
[ 44.950701][ T7501] binder: BINDER_SET_CONTEXT_MGR already set
[ 44.956376][ T7488] Kernel Offset: disabled
[ 45.275539][ T7488] Rebooting in 86400 seconds..