[ 36.167227] audit: type=1800 audit(1552004653.852:30): pid=7537 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.132' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 62.568893] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.574910] binder: 7698:7703 ioctl 40046207 0 returned -16
[ 62.575739] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.586272] binder: 7699:7704 ioctl 40046207 0 returned -16
[ 62.586293] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.597442] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.598571] binder: 7701:7707 ioctl 40046207 0 returned -16
[ 62.603103] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.608749] binder: 7702:7706 ioctl 40046207 0 returned -16
[ 62.614482] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.622076] binder: 7698:7709 ioctl 40046207 0 returned -16
[ 62.625818] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.636233] binder: 7692:7708 ioctl 40046207 0 returned -16
[ 62.637427] binder: 7700:7705 ioctl 40046207 0 returned -16
[ 62.642042] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.653051] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.654232] binder: 7699:7710 ioctl 40046207 0 returned -16
[ 62.658396] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.658422] binder: 7702:7712 ioctl 40046207 0 returned -16
[ 62.658672] binder_alloc: 7692: binder_alloc_buf, no vma
[ 62.665179] binder: 7701:7711 ioctl 40046207 0 returned -16
[ 62.670726] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.682337] binder: 7698:7703 transaction failed 29189/-3, size 0-32 line 3147
[ 62.687489] binder_alloc: 7692: binder_alloc_buf, no vma
[ 62.702036] binder: 7700:7714 ioctl 40046207 0 returned -16
[ 62.707026] binder: undelivered TRANSACTION_ERROR: 29189
executing program
executing program
[ 62.711335] binder_alloc: 7692: binder_alloc_buf, no vma
[ 62.718926] binder: 7692:7697 transaction failed 29189/-3, size 0-32 line 3147
[ 62.724419] binder_alloc: 7692: binder_alloc_buf, no vma
[ 62.731426] binder: undelivered TRANSACTION_ERROR: 29189
[ 62.735699] binder: 7702:7706 transaction failed 29189/-3, size 0-32 line 3147
[ 62.744287] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.748999] binder_alloc: 7692: binder_alloc_buf, no vma
[ 62.755877] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.759682] binder_alloc: 7692: binder_alloc_buf, no vma
executing program
executing program
[ 62.766544] binder: 7715:7718 ioctl 40046207 0 returned -16
[ 62.770328] binder: 7701:7707 transaction failed 29189/-3, size 0-32 line 3147
[ 62.776038] binder: undelivered TRANSACTION_ERROR: 29189
[ 62.784778] binder: 7700:7705 transaction failed 29189/-3, size 0-32 line 3147
[ 62.789492] binder_alloc: 7715: binder_alloc_buf, no vma
[ 62.797027] binder: 7699:7704 transaction failed 29189/-3, size 0-32 line 3147
[ 62.802695] binder: 7717:7719 ioctl 40046207 0 returned -16
executing program
executing program
[ 62.816259] binder: undelivered TRANSACTION_ERROR: 29189
[ 62.820051] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.823621] binder: 7715:7716 transaction failed 29189/-3, size 0-32 line 3147
[ 62.829424] binder: 7720:7723 ioctl 40046207 0 returned -16
[ 62.836047] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.846873] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.848369] binder: 7722:7726 ioctl 40046207 0 returned -16
[ 62.854387] binder: 7724:7728 ioctl 40046207 0 returned -16
[ 62.858505] binder: undelivered TRANSACTION_ERROR: 29189
executing program
[ 62.863967] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.875028] binder: 7717:7730 ioctl 40046207 0 returned -16
[ 62.875050] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.886422] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.887455] binder: 7720:7729 ioctl 40046207 0 returned -16
[ 62.892353] binder: undelivered TRANSACTION_ERROR: 29189
[ 62.897589] binder: 7720:7723 transaction failed 29189/-22, size 0-32 line 2994
[ 62.903438] binder: BINDER_SET_CONTEXT_MGR already set
executing program
[ 62.910868] binder: 7725:7727 ioctl 40046207 0 returned -16
[ 62.916123] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.921870] binder: 7731:7733 ioctl 40046207 0 returned -16
[ 62.928453] ------------[ cut here ]------------
[ 62.937656] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 62.939067] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.949075] binder: 7738:7739 ioctl 40046207 0 returned -16
[ 62.949568] binder: undelivered TRANSACTION_ERROR: 29189
[ 62.949785] ------------[ cut here ]------------
[ 62.955742] ------------[ cut here ]------------
[ 62.960759] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 62.965494] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 62.965810] binder: BINDER_SET_CONTEXT_MGR already set
[ 62.976540] binder: 7731:7736 ioctl 40046207 0 returned -16
[ 62.982884] ------------[ cut here ]------------
[ 62.988364] ------------[ cut here ]------------
[ 62.993513] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 62.998469] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 63.004164] binder: BINDER_SET_CONTEXT_MGR already set
[ 63.009746] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 63.015728] binder: 7724:7734 ioctl 40046207 0 returned -16
[ 63.020445] CPU: 1 PID: 7733 Comm: syz-executor625 Not tainted 5.0.0+ #11
[ 63.020451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.020468] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 63.020482] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 cf 5e 29 fc 4c 89 e6 4c 89 ef e8 e4 5f 29 fc 4d 39 e5 76 07 e8 ba 5e 29 fc <0f> 0b e8 b3 5e 29 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 c1
[ 63.072386] RSP: 0018:ffff888088d17550 EFLAGS: 00010293
[ 63.077729] RAX: ffff88808eb38000 RBX: 0000000020001080 RCX: ffffffff8546cf0c
[ 63.085116] RDX: 0000000000000000 RSI: ffffffff8546cf16 RDI: 0000000000000006
[ 63.092385] RBP: ffff888088d175d0 R08: ffff88808eb38000 R09: 0000000000000028
[ 63.099652] R10: ffffed10111a2f01 R11: ffff888088d1780f R12: 0000000000000020
[ 63.106927] R13: 0000000000000028 R14: ffff88808e78c210 R15: 0000000000000000
[ 63.114198] FS: 00007ff3041bb700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 63.122421] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.128294] CR2: 00007ff304178db8 CR3: 0000000086fc0000 CR4: 00000000001406e0
[ 63.135560] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.142825] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.150103] Call Trace:
[ 63.152699] ? memcpy+0x46/0x50
[ 63.155980] binder_alloc_copy_from_buffer+0x37/0x42
[ 63.161106] binder_get_object+0xc3/0x200
[ 63.165254] binder_transaction+0x2b4a/0x6690
[ 63.169786] ? binder_thread_read+0x3d20/0x3d20
[ 63.174460] ? __lock_acquire+0x548/0x3fb0
[ 63.178704] ? __might_fault+0x12b/0x1e0
[ 63.182766] ? lock_downgrade+0x880/0x880
[ 63.186926] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 63.192464] ? _copy_from_user+0xdd/0x150
[ 63.196619] binder_thread_write+0x64a/0x2820
[ 63.201123] ? binder_transaction+0x6690/0x6690
[ 63.205799] ? __might_fault+0x12b/0x1e0
[ 63.209873] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 63.215413] ? _copy_from_user+0xdd/0x150
[ 63.219561] binder_ioctl+0x1033/0x183b
[ 63.223536] ? binder_thread_write+0x2820/0x2820
[ 63.228289] ? __lock_acquire+0x548/0x3fb0
[ 63.232528] ? do_futex+0x178/0x1d50
[ 63.236245] ? __fget+0x340/0x540
[ 63.239705] ? binder_thread_write+0x2820/0x2820
[ 63.244464] do_vfs_ioctl+0xd6e/0x1390
[ 63.248355] ? ioctl_preallocate+0x210/0x210
[ 63.252764] ? __fget+0x367/0x540
[ 63.256218] ? ksys_dup3+0x3e0/0x3e0
[ 63.259939] ? __x64_sys_futex+0x404/0x590
[ 63.264178] ? security_file_ioctl+0x93/0xc0
[ 63.268586] ksys_ioctl+0xab/0xd0
[ 63.272040] __x64_sys_ioctl+0x73/0xb0
[ 63.275933] do_syscall_64+0x103/0x610
[ 63.279825] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.285013] RIP: 0033:0x44aa09
[ 63.288202] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 63.307101] RSP: 002b:00007ff3041bace8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 63.314807] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09
[ 63.322073] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004
[ 63.329338] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 63.336600] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 63.343864] R13: 00007ffcbd6c7cff R14: 00007ff3041bb9c0 R15: 0000000000000000
[ 63.351136] Modules linked in:
[ 63.354347] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[ 63.359729] CPU: 0 PID: 7728 Comm: syz-executor625 Tainted: G D 5.0.0+ #11
[ 63.368036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.377397] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 63.383190] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 cf 5e 29 fc 4c 89 e6 4c 89 ef e8 e4 5f 29 fc 4d 39 e5 76 07 e8 ba 5e 29 fc <0f> 0b e8 b3 5e 29 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 c1
[ 63.402098] RSP: 0018:ffff88809a80f550 EFLAGS: 00010293
[ 63.407460] RAX: ffff88808eb8a340 RBX: 0000000020001040 RCX: ffffffff8546cf0c
[ 63.414726] RDX: 0000000000000000 RSI: ffffffff8546cf16 RDI: 0000000000000006
[ 63.421996] RBP: ffff88809a80f5d0 R08: ffff88808eb8a340 R09: 0000000000000028
[ 63.429262] R10: ffffed1013501f01 R11: ffff88809a80f80f R12: 0000000000000020
[ 63.436533] R13: 0000000000000028 R14: ffff88808e78c210 R15: 0000000000000000
[ 63.443805] FS: 00007ff3041bb700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 63.452026] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.457902] CR2: 00007ff304199db8 CR3: 00000000954fe000 CR4: 00000000001406f0
[ 63.465176] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.472446] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.479710] Call Trace:
[ 63.482305] ? memcpy+0x46/0x50
[ 63.485588] binder_alloc_copy_from_buffer+0x37/0x42
[ 63.490693] binder_get_object+0xc3/0x200
[ 63.494845] binder_transaction+0x2b4a/0x6690
[ 63.499359] ? binder_thread_read+0x3d20/0x3d20
[ 63.504043] ? __lock_acquire+0x548/0x3fb0
[ 63.508294] ? __might_fault+0x12b/0x1e0
[ 63.512365] ? lock_downgrade+0x880/0x880
[ 63.516524] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 63.522331] ? _copy_from_user+0xdd/0x150
[ 63.526492] binder_thread_write+0x64a/0x2820
[ 63.531005] ? binder_transaction+0x6690/0x6690
[ 63.535686] ? __might_fault+0x12b/0x1e0
[ 63.539765] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 63.545314] ? _copy_from_user+0xdd/0x150
[ 63.549467] binder_ioctl+0x1033/0x183b
[ 63.553450] ? binder_thread_write+0x2820/0x2820
[ 63.558206] ? __lock_acquire+0x548/0x3fb0
[ 63.562444] ? do_futex+0x178/0x1d50
[ 63.566162] ? __fget+0x340/0x540
[ 63.569627] ? binder_thread_write+0x2820/0x2820
[ 63.574382] do_vfs_ioctl+0xd6e/0x1390
[ 63.578271] ? ioctl_preallocate+0x210/0x210
[ 63.582685] ? __fget+0x367/0x540
[ 63.586135] ? ksys_dup3+0x3e0/0x3e0
[ 63.589851] ? __x64_sys_futex+0x404/0x590
[ 63.594084] ? security_file_ioctl+0x93/0xc0
[ 63.598491] ksys_ioctl+0xab/0xd0
[ 63.601950] __x64_sys_ioctl+0x73/0xb0
[ 63.605838] do_syscall_64+0x103/0x610
[ 63.609729] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.614922] RIP: 0033:0x44aa09
[ 63.618112] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 63.637014] RSP: 002b:00007ff3041bace8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 63.644732] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09
[ 63.651995] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004
[ 63.659256] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 63.666526] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 63.673787] R13: 00007ffcbd6c7cff R14: 00007ff3041bb9c0 R15: 0000000000000000
[ 63.681056] Modules linked in:
[ 63.684265] invalid opcode: 0000 [#3] PREEMPT SMP KASAN
[ 63.685652] binder: 7725:7737 ioctl 40046207 0 returned -16
[ 63.689641] CPU: 1 PID: 7726 Comm: syz-executor625 Tainted: G D 5.0.0+ #11
[ 63.689649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.689673] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 63.689687] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 cf 5e 29 fc 4c 89 e6 4c 89 ef e8 e4 5f 29 fc 4d 39 e5 76 07 e8 ba 5e 29 fc <0f> 0b e8 b3 5e 29 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 c1
[ 63.737680] RSP: 0018:ffff88809a2ff550 EFLAGS: 00010293
[ 63.743048] RAX: ffff88808ff88540 RBX: 0000000020001020 RCX: ffffffff8546cf0c
[ 63.750307] RDX: 0000000000000000 RSI: ffffffff8546cf16 RDI: 0000000000000006
[ 63.757572] RBP: ffff88809a2ff5d0 R08: ffff88808ff88540 R09: 0000000000000028
[ 63.764836] R10: ffffed101345ff01 R11: ffff88809a2ff80f R12: 0000000000000020
[ 63.772096] R13: 0000000000000028 R14: ffff88808e78c210 R15: 0000000000000000
[ 63.779360] FS: 00007ff3041bb700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 63.787581] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.793453] CR2: 00007ff304178db8 CR3: 0000000097855000 CR4: 00000000001406e0
[ 63.800715] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.807977] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.815237] Call Trace:
[ 63.817832] ? memcpy+0x46/0x50
[ 63.821114] binder_alloc_copy_from_buffer+0x37/0x42
[ 63.826214] binder_get_object+0xc3/0x200
[ 63.830360] binder_transaction+0x2b4a/0x6690
[ 63.835077] ? binder_thread_read+0x3d20/0x3d20
[ 63.839738] ? __lock_acquire+0x548/0x3fb0
[ 63.843963] ? __might_fault+0x12b/0x1e0
[ 63.848012] ? lock_downgrade+0x880/0x880
[ 63.852148] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 63.857666] ? _copy_from_user+0xdd/0x150
[ 63.861820] binder_thread_write+0x64a/0x2820
[ 63.866325] ? binder_transaction+0x6690/0x6690
[ 63.870992] ? __might_fault+0x12b/0x1e0
[ 63.875064] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 63.880601] ? _copy_from_user+0xdd/0x150
[ 63.884751] binder_ioctl+0x1033/0x183b
[ 63.888729] ? binder_thread_write+0x2820/0x2820
[ 63.893484] ? __lock_acquire+0x548/0x3fb0
[ 63.897726] ? do_futex+0x178/0x1d50
[ 63.901461] ? __fget+0x340/0x540
[ 63.904932] ? binder_thread_write+0x2820/0x2820
[ 63.909687] do_vfs_ioctl+0xd6e/0x1390
[ 63.913575] ? ioctl_preallocate+0x210/0x210
[ 63.917982] ? __fget+0x367/0x540
[ 63.921436] ? ksys_dup3+0x3e0/0x3e0
[ 63.925156] ? __x64_sys_futex+0x404/0x590
[ 63.929394] ? security_file_ioctl+0x93/0xc0
[ 63.933803] ksys_ioctl+0xab/0xd0
[ 63.937255] __x64_sys_ioctl+0x73/0xb0
[ 63.941140] do_syscall_64+0x103/0x610
[ 63.945033] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.950234] RIP: 0033:0x44aa09
[ 63.953424] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 63.972323] RSP: 002b:00007ff3041bace8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 63.980032] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09
[ 63.987309] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004
[ 63.994580] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 64.001848] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 64.009217] R13: 00007ffcbd6c7cff R14: 00007ff3041bb9c0 R15: 0000000000000000
[ 64.016492] Modules linked in:
[ 64.019712] invalid opcode: 0000 [#4] PREEMPT SMP KASAN
[ 64.021084] binder: undelivered TRANSACTION_ERROR: 29189
[ 64.025095] CPU: 0 PID: 7719 Comm: syz-executor625 Tainted: G D 5.0.0+ #11
[ 64.025103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.025129] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 64.025144] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 cf 5e 29 fc 4c 89 e6 4c 89 ef e8 e4 5f 29 fc 4d 39 e5 76 07 e8 ba 5e 29 fc <0f> 0b e8 b3 5e 29 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 c1
[ 64.031081] binder: BINDER_SET_CONTEXT_MGR already set
[ 64.038887] RSP: 0018:ffff8880a7eb7550 EFLAGS: 00010293
[ 64.038900] RAX: ffff888085376440 RBX: 0000000020001000 RCX: ffffffff8546cf0c
[ 64.038907] RDX: 0000000000000000 RSI: ffffffff8546cf16 RDI: 0000000000000006
[ 64.038925] RBP: ffff8880a7eb75d0 R08: ffff888085376440 R09: 0000000000000028
[ 64.038933] R10: ffffed1014fd6f01 R11: ffff8880a7eb780f R12: 0000000000000020
[ 64.038941] R13: 0000000000000028 R14: ffff88808e78c210 R15: 0000000000000000
[ 64.038952] FS: 00007ff3041bb700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 64.038960] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 64.038967] CR2: 00007ff304199db8 CR3: 0000000096f14000 CR4: 00000000001406f0
[ 64.038977] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 64.038984] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 64.038989] Call Trace:
[ 64.039014] ? memcpy+0x46/0x50
[ 64.039032] binder_alloc_copy_from_buffer+0x37/0x42
[ 64.049232] ---[ end trace 1ed1ace2365b11f0 ]---
[ 64.054203] binder_get_object+0xc3/0x200
[ 64.054222] binder_transaction+0x2b4a/0x6690
[ 64.054248] ? binder_thread_read+0x3d20/0x3d20
[ 64.054262] ? __lock_acquire+0x548/0x3fb0
[ 64.054283] ? __might_fault+0x12b/0x1e0
[ 64.193010] ? lock_downgrade+0x880/0x880
[ 64.197184] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 64.202727] ? _copy_from_user+0xdd/0x150
[ 64.206880] binder_thread_write+0x64a/0x2820
[ 64.211383] ? binder_transaction+0x6690/0x6690
[ 64.216049] ? __might_fault+0x12b/0x1e0
[ 64.220121] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 64.225649] ? _copy_from_user+0xdd/0x150
[ 64.229797] binder_ioctl+0x1033/0x183b
[ 64.233769] ? binder_thread_write+0x2820/0x2820
[ 64.238520] ? __lock_acquire+0x548/0x3fb0
[ 64.242755] ? do_futex+0x178/0x1d50
[ 64.246473] ? __fget+0x340/0x540
[ 64.249936] ? binder_thread_write+0x2820/0x2820
[ 64.254689] do_vfs_ioctl+0xd6e/0x1390
[ 64.258579] ? ioctl_preallocate+0x210/0x210
[ 64.262983] ? __fget+0x367/0x540
[ 64.266432] ? ksys_dup3+0x3e0/0x3e0
[ 64.270145] ? __x64_sys_futex+0x404/0x590
[ 64.274378] ? security_file_ioctl+0x93/0xc0
[ 64.278780] ksys_ioctl+0xab/0xd0
[ 64.282229] __x64_sys_ioctl+0x73/0xb0
[ 64.286121] do_syscall_64+0x103/0x610
[ 64.290015] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.295199] RIP: 0033:0x44aa09
[ 64.298389] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.317297] RSP: 002b:00007ff3041bace8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 64.325010] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09
[ 64.332293] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000005
[ 64.339560] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 64.346819] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 64.354083] R13: 00007ffcbd6c7cff R14: 00007ff3041bb9c0 R15: 0000000000000000
[ 64.361352] Modules linked in:
[ 64.364566] invalid opcode: 0000 [#5] PREEMPT SMP KASAN
[ 64.367449] ---[ end trace 1ed1ace2365b11f1 ]---
[ 64.369950] CPU: 1 PID: 7727 Comm: syz-executor625 Tainted: G D 5.0.0+ #11
[ 64.369958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.369991] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 64.370006] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 cf 5e 29 fc 4c 89 e6 4c 89 ef e8 e4 5f 29 fc 4d 39 e5 76 07 e8 ba 5e 29 fc <0f> 0b e8 b3 5e 29 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 c1
[ 64.374926] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 64.383055] RSP: 0018:ffff888089a37550 EFLAGS: 00010293
[ 64.383068] RAX: ffff888096b5e1c0 RBX: 0000000020001060 RCX: ffffffff8546cf0c
[ 64.383074] RDX: 0000000000000000 RSI: ffffffff8546cf16 RDI: 0000000000000006
[ 64.383082] RBP: ffff888089a375d0 R08: ffff888096b5e1c0 R09: 0000000000000028
[ 64.383090] R10: ffffed1011346f01 R11: ffff888089a3780f R12: 0000000000000020
[ 64.383097] R13: 0000000000000028 R14: ffff88808e78c210 R15: 0000000000000000
[ 64.383107] FS: 00007ff3041bb700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 64.383115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 64.383121] CR2: 0000000000000000 CR3: 0000000096ba6000 CR4: 00000000001406e0
[ 64.383132] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 64.383144] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 64.392638] ---[ end trace 1ed1ace2365b11f2 ]---
[ 64.398276] Call Trace:
[ 64.398302] ? memcpy+0x46/0x50
[ 64.398324] binder_alloc_copy_from_buffer+0x37/0x42
[ 64.417339] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 cf 5e 29 fc 4c 89 e6 4c 89 ef e8 e4 5f 29 fc 4d 39 e5 76 07 e8 ba 5e 29 fc <0f> 0b e8 b3 5e 29 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 c1
[ 64.423006] binder_get_object+0xc3/0x200
[ 64.423025] binder_transaction+0x2b4a/0x6690
[ 64.423051] ? binder_thread_read+0x3d20/0x3d20
[ 64.428463] RSP: 0018:ffff888088d17550 EFLAGS: 00010293
[ 64.435647] ? __lock_acquire+0x548/0x3fb0
[ 64.435670] ? __might_fault+0x12b/0x1e0
[ 64.435690] ? lock_downgrade+0x880/0x880
[ 64.443056] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 64.450213] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 64.450228] ? _copy_from_user+0xdd/0x150
[ 64.450245] binder_thread_write+0x64a/0x2820
[ 64.457603] RAX: ffff88808eb38000 RBX: 0000000020001080 RCX: ffffffff8546cf0c
[ 64.464773] ? binder_transaction+0x6690/0x6690
[ 64.464788] ? __might_fault+0x12b/0x1e0
[ 64.464812] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 64.473112] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 cf 5e 29 fc 4c 89 e6 4c 89 ef e8 e4 5f 29 fc 4d 39 e5 76 07 e8 ba 5e 29 fc <0f> 0b e8 b3 5e 29 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 c1
[ 64.478880] ? _copy_from_user+0xdd/0x150
[ 64.478897] binder_ioctl+0x1033/0x183b
[ 64.478923] ? binder_thread_write+0x2820/0x2820
[ 64.486253] RDX: 0000000000000000 RSI: ffffffff8546cf16 RDI: 0000000000000006
[ 64.493432] ? __lock_acquire+0x548/0x3fb0
[ 64.493452] ? do_futex+0x178/0x1d50
[ 64.493472] ? __fget+0x340/0x540
[ 64.500793] RBP: ffff888088d175d0 R08: ffff88808eb38000 R09: 0000000000000028
[ 64.505471] ? binder_thread_write+0x2820/0x2820
[ 64.505488] do_vfs_ioctl+0xd6e/0x1390
[ 64.505504] ? ioctl_preallocate+0x210/0x210
[ 64.505518] ? __fget+0x367/0x540
[ 64.508151] RSP: 0018:ffff888088d17550 EFLAGS: 00010293
[ 64.511356] ? ksys_dup3+0x3e0/0x3e0
[ 64.511375] ? __x64_sys_futex+0x404/0x590
[ 64.511392] ? security_file_ioctl+0x93/0xc0
[ 64.516587] R10: ffffed10111a2f01 R11: ffff888088d1780f R12: 0000000000000020
[ 64.535382] ksys_ioctl+0xab/0xd0
[ 64.535398] __x64_sys_ioctl+0x73/0xb0
[ 64.535415] do_syscall_64+0x103/0x610
[ 64.535440] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.539670] RAX: ffff88808eb38000 RBX: 0000000020001080 RCX: ffffffff8546cf0c
[ 64.544046] RIP: 0033:0x44aa09
[ 64.544061] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.544068] RSP: 002b:00007ff3041bace8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 64.544081] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09
[ 64.544092] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000005
[ 64.548811] RDX: 0000000000000000 RSI: ffffffff8546cf16 RDI: 0000000000000006
[ 64.554087] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 64.554095] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 64.554103] R13: 00007ffcbd6c7cff R14: 00007ff3041bb9c0 R15: 0000000000000000
[ 64.554115] Modules linked in:
[ 64.556106] ------------[ cut here ]------------
[ 64.559760] RBP: ffff888088d175d0 R08: ffff88808eb38000 R09: 0000000000000028
[ 64.562393] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 64.562676] binder: 7738:7740 ioctl 40046207 0 returned -16
[ 64.567150] R10: ffffed10111a2f01 R11: ffff888088d1780f R12: 0000000000000020
[ 64.572711] invalid opcode: 0000 [#6] PREEMPT SMP KASAN
[ 64.578278] R13: 0000000000000028 R14: ffff88808e78c210 R15: 0000000000000000
[ 64.582193] CPU: 1 PID: 7739 Comm: syz-executor625 Tainted: G D 5.0.0+ #11
[ 64.582202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.582228] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 64.582242] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 cf 5e 29 fc 4c 89 e6 4c 89 ef e8 e4 5f 29 fc 4d 39 e5 76 07 e8 ba 5e 29 fc <0f> 0b e8 b3 5e 29 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 c1
[ 64.582253] RSP: 0018:ffff888089ecf550 EFLAGS: 00010293
[ 64.586804] FS: 00007ff3041bb700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 64.593997] RAX: ffff888089d4a080 RBX: 00000000200010a0 RCX: ffffffff8546cf0c
[ 64.594005] RDX: 0000000000000000 RSI: ffffffff8546cf16 RDI: 0000000000000006
[ 64.594014] RBP: ffff888089ecf5d0 R08: ffff888089d4a080 R09: 0000000000000028
[ 64.594022] R10: ffffed10113d9f01 R11: ffff888089ecf80f R12: 0000000000000020
[ 64.594029] R13: 0000000000000028 R14: ffff88808e78c210 R15: 0000000000000000
[ 64.594042] FS: 00007ff3041bb700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 64.598757] R13: 0000000000000028 R14: ffff88808e78c210 R15: 0000000000000000
[ 64.602732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 64.602740] CR2: 0000000000000000 CR3: 00000000a47d0000 CR4: 00000000001406e0
[ 64.602751] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 64.602759] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 64.602763] Call Trace:
[ 64.602783] ? memcpy+0x46/0x50
[ 64.608361] FS: 00007ff3041bb700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 64.627190] binder_alloc_copy_from_buffer+0x37/0x42
[ 64.627206] binder_get_object+0xc3/0x200
[ 64.627224] binder_transaction+0x2b4a/0x6690
[ 64.627249] ? binder_thread_read+0x3d20/0x3d20
[ 64.631454] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 64.635331] ? mark_held_locks+0xf0/0xf0
[ 64.635347] ? mark_held_locks+0xf0/0xf0
[ 64.635364] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 64.635381] ? binder_get_thread+0x1db/0x7c0
[ 64.640185] CR2: 00007ff304199db8 CR3: 00000000954fe000 CR4: 00000000001406f0
[ 64.647381] ? lock_downgrade+0x880/0x880
[ 64.647396] ? __might_fault+0xfb/0x1e0
[ 64.647417] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 64.647434] ? _copy_from_user+0xdd/0x150
[ 64.651737] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 64.655349] binder_thread_write+0x64a/0x2820
[ 64.655372] ? binder_transaction+0x6690/0x6690
[ 64.655387] ? kasan_check_write+0x14/0x20
[ 64.655405] ? do_raw_spin_lock+0x12a/0x2e0
[ 64.658911] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 64.666100] ? __might_fault+0xfb/0x1e0
[ 64.666121] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 64.666139] ? _copy_from_user+0xdd/0x150
[ 64.670969] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 64.674751] binder_ioctl+0x1033/0x183b
[ 64.674770] ? binder_thread_write+0x2820/0x2820
[ 64.674790] ? do_futex+0x178/0x1d50
[ 64.679239] CR2: 00007ff304199db8 CR3: 0000000096f14000 CR4: 00000000001406f0
[ 64.682615] ? userfaultfd_unmap_prep+0x4a0/0x4a0
[ 64.682631] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 64.682646] ? mark_held_locks+0xf0/0xf0
[ 64.682662] ? exit_robust_list+0x290/0x290
[ 64.688068] Kernel panic - not syncing: Fatal exception
[ 64.691706] ? binder_thread_write+0x2820/0x2820
[ 65.168146] do_vfs_ioctl+0xd6e/0x1390
[ 65.172038] ? ioctl_preallocate+0x210/0x210
[ 65.176442] ? __fget+0x367/0x540
[ 65.179889] ? ksys_dup3+0x3e0/0x3e0
[ 65.183609] ? __x64_sys_futex+0x404/0x590
[ 65.187843] ? security_file_ioctl+0x93/0xc0
[ 65.192247] ksys_ioctl+0xab/0xd0
[ 65.195703] __x64_sys_ioctl+0x73/0xb0
[ 65.199594] do_syscall_64+0x103/0x610
[ 65.203484] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 65.208670] RIP: 0033:0x44aa09
[ 65.211863] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.230756] RSP: 002b:00007ff3041bace8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 65.238459] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09
[ 65.245719] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004
[ 65.252980] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 65.260241] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 65.267501] R13: 00007ffcbd6c7cff R14: 00007ff3041bb9c0 R15: 0000000000000000
[ 65.274767] Modules linked in:
[ 65.278450] Kernel Offset: disabled
[ 65.282073] Rebooting in 86400 seconds..
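The following is an added example and is not part of the syzkaller report above. It is a small Python triage script for a console log that has been flattened the way this one was: it re-splits the text on the printk timestamps, records the first "kernel BUG at" site and the faulting kernel function, counts the oops instances from the "[#N]" markers, keeps the first call chain while dropping the "? " frames the unwinder could not verify, and decodes the ioctl request numbers that appear both in the binder messages ("ioctl 40046207 ... returned -16") and in the user-mode register dump after "RIP: 0033:" (on x86-64, ORIG_RAX is the syscall number and RDI, RSI, RDX are its first three arguments). The sample input is a constructed subset of the entries above; the binder name table is a partial copy of include/uapi/linux/android/binder.h and is an assumption about which nr values matter here.

```python
"""Triage a flattened x86-64 kernel oops log (added example, not from the report)."""
import errno
import re

# Constructed sample: a subset of the entries from the log above, joined onto
# one line the way the page extraction flattened the original.
SAMPLE_LOG = (
    "[ 62.921870] binder: 7731:7733 ioctl 40046207 0 returned -16 "
    "[ 62.928453] ------------[ cut here ]------------ "
    "[ 62.937656] kernel BUG at drivers/android/binder_alloc.c:1141! "
    "[ 63.009746] invalid opcode: 0000 [#1] PREEMPT SMP KASAN "
    "[ 63.020445] CPU: 1 PID: 7733 Comm: syz-executor625 Not tainted 5.0.0+ #11 "
    "[ 63.020468] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 "
    "[ 63.150103] Call Trace: "
    "[ 63.152699] ? memcpy+0x46/0x50 "
    "[ 63.155980] binder_alloc_copy_from_buffer+0x37/0x42 "
    "[ 63.161106] binder_get_object+0xc3/0x200 "
    "[ 63.165254] binder_transaction+0x2b4a/0x6690 "
    "[ 63.169786] ? binder_thread_read+0x3d20/0x3d20 "
    "[ 63.196619] binder_thread_write+0x64a/0x2820 "
    "[ 63.219561] binder_ioctl+0x1033/0x183b "
    "[ 63.244464] do_vfs_ioctl+0xd6e/0x1390 "
    "[ 63.268586] ksys_ioctl+0xab/0xd0 "
    "[ 63.272040] __x64_sys_ioctl+0x73/0xb0 "
    "[ 63.275933] do_syscall_64+0x103/0x610 "
    "[ 63.279825] entry_SYSCALL_64_after_hwframe+0x49/0xbe "
    "[ 63.285013] RIP: 0033:0x44aa09 "
    "[ 63.307101] RSP: 002b:00007ff3041bace8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 "
    "[ 63.322073] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004 "
    "[ 63.354347] invalid opcode: 0000 [#2] PREEMPT SMP KASAN "
    "[ 64.688068] Kernel panic - not syncing: Fatal exception"
)

# Partial table of _IO*('b', nr, ...) codes from include/uapi/linux/android/binder.h.
BINDER_IOCTL_NR = {1: "BINDER_WRITE_READ", 7: "BINDER_SET_CONTEXT_MGR",
                   8: "BINDER_THREAD_EXIT", 9: "BINDER_VERSION"}
_IOC_DIR = {0: "_IO", 1: "_IOW", 2: "_IOR", 3: "_IOWR"}
NR_IOCTL_X86_64 = 16  # __NR_ioctl in the x86-64 syscall table

_ENTRY_SPLIT = re.compile(r"(?=\[ *\d+\.\d+\] )")
_ENTRY = re.compile(r"^\[ *(\d+\.\d+)\] (.*)$")
_BUG = re.compile(r"kernel BUG at (\S+)!")
_OOPS = re.compile(r"\[#(\d+)\]")
_KERNEL_RIP = re.compile(r"^RIP: 0010:([A-Za-z_][\w.]*)\+")
_FRAME = re.compile(r"^(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
_IOCTL_MSG = re.compile(r"ioctl ([0-9a-f]+) \S+ returned (-\d+)")
_ORIG_RAX = re.compile(r"ORIG_RAX: ([0-9a-f]{16})")
_USER_REGS = re.compile(r"RDX: ([0-9a-f]{16}) RSI: ([0-9a-f]{16}) RDI: ([0-9a-f]{16})")


def split_entries(text):
    """Re-split a flattened console log into (timestamp, message) pairs."""
    out = []
    for chunk in _ENTRY_SPLIT.split(text):
        m = _ENTRY.match(chunk.strip())
        if m:
            out.append((float(m.group(1)), m.group(2).strip()))
    return out


def decode_ioctl(code):
    """Decode the Linux _IOC() layout: dir[2] | size[14] | type[8] | nr[8]."""
    nr, typ = code & 0xFF, chr((code >> 8) & 0xFF)
    size, direction = (code >> 16) & 0x3FFF, code >> 30
    name = BINDER_IOCTL_NR.get(nr) if typ == "b" else None
    return {"macro": _IOC_DIR[direction], "type": typ, "nr": nr, "size": size, "name": name}


def _decode_user_syscall(lines):
    """Recover ioctl(fd, request, arg) from the user-mode register dump."""
    nr = args = None
    for line in lines:
        if m := _ORIG_RAX.search(line):
            nr = int(m.group(1), 16)
        if m := _USER_REGS.search(line):
            args = (int(m.group(3), 16), int(m.group(2), 16), int(m.group(1), 16))
    if nr != NR_IOCTL_X86_64 or args is None:
        return None
    fd, request, arg = args
    return {"fd": fd, "request": decode_ioctl(request), "arg": arg}


def triage(text):
    """Summarise the first oops in the log and every binder ioctl error it mentions."""
    msgs = [m for _, m in split_entries(text)]
    report = {"bug_at": None, "rip": None, "oops_count": 0, "trace": [],
              "syscall": None, "ioctl_errors": {}, "panic": False}
    errors = {}
    in_trace = False
    for i, msg in enumerate(msgs):
        if (m := _BUG.search(msg)) and report["bug_at"] is None:
            report["bug_at"] = m.group(1)
        if (m := _KERNEL_RIP.match(msg)) and report["rip"] is None:
            report["rip"] = m.group(1)
        if m := _OOPS.search(msg):
            report["oops_count"] = max(report["oops_count"], int(m.group(1)))
        if m := _IOCTL_MSG.search(msg):
            code, err = int(m.group(1), 16), -int(m.group(2))
            key = decode_ioctl(code)["name"] or f"0x{code:08x}"
            errors.setdefault(key, set()).add(errno.errorcode.get(err, str(err)))
        if msg.startswith("Kernel panic"):
            report["panic"] = True
        if msg == "Call Trace:" and not report["trace"]:
            in_trace = True
            continue
        if in_trace:
            if m := _FRAME.match(msg):
                if not m.group(1):  # "? " marks an unverified stale stack slot
                    report["trace"].append(m.group(2))
                continue
            if msg.startswith("RIP: 0033:"):  # back in user mode: read the regs
                report["syscall"] = _decode_user_syscall(msgs[i + 1:i + 6])
            in_trace = False
    report["ioctl_errors"] = {k: sorted(v) for k, v in errors.items()}
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

The script trusts only the first "Call Trace:" because the kernel prints traces from several CPUs interleaved with no per-line CPU tag, so later traces in a log like this one cannot be reassembled reliably; the oops count tells you how many followed. On the entries above it resolves the user-mode dump to ioctl(4, BINDER_WRITE_READ, 0x20000400), which is the path through binder_thread_write into binder_transaction that the trace shows, and reports the 40046207 failures as BINDER_SET_CONTEXT_MGR returning EBUSY, matching the kernel's own "BINDER_SET_CONTEXT_MGR already set" message.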