INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-upstream-kasan-gce-3,10.128.0.19' (ECDSA) to the list of known hosts.
2017/12/05 06:21:48 parsed 1 programs
2017/12/05 06:21:48 executed programs: 0
syzkaller login: [ 30.867543] binder: 3111:3115 got new transaction with bad transaction stack, transaction 2 has target 3111:0
[ 30.868473] binder: 3099:3105 got new transaction with bad transaction stack, transaction 5 has target 3099:0
[ 30.868481] binder: 3099:3105 transaction failed 29201/-71, size 0-0 line 2782
[ 30.870507] binder: 3117:3120 got new transaction with bad transaction stack, transaction 8 has target 3117:0
[ 30.870514] binder: 3117:3120 transaction failed 29201/-71, size 0-0 line 2782
[ 30.873675] binder: 3111:3115 transaction failed 29201/-71, size 0-0 line 2782
[ 30.875943] binder: 3121:3122 got new transaction with bad transaction stack, transaction 11 has target 3121:0
[ 30.875950] binder: 3121:3122 transaction failed 29201/-71, size 0-0 line 2782
[ 30.877307] binder: 3108:3113 got new transaction with bad transaction stack, transaction 14 has target 3108:0
[ 30.877315] binder: 3108:3113 transaction failed 29201/-71, size 0-0 line 2782
[ 30.878794] binder: 3110:3116 got new transaction with bad transaction stack, transaction 17 has target 3110:0
[ 30.878802] binder: 3110:3116 transaction failed 29201/-71, size 0-0 line 2782
[ 30.881179] binder: 3112:3119 got new transaction with bad transaction stack, transaction 20 has target 3112:0
[ 30.881186] binder: 3112:3119 transaction failed 29201/-71, size 0-0 line 2782
[ 30.881501] binder: 3098:3106 got new transaction with bad transaction stack, transaction 23 has target 3098:0
[ 30.881509] binder: 3098:3106 transaction failed 29201/-71, size 0-0 line 2782
[ 30.888995] binder: send failed reply for transaction 14 to 3108:3113
[ 30.895926] binder: 3108:3113 got new transaction with bad transaction stack, transaction 26 has target 3108:0
[ 30.895936] binder: 3108:3113 transaction failed 29201/-71, size 0-0 line 2782
[ 30.900575] binder: send failed reply for transaction 26 to 3108:3113
[ 30.905657] binder: undelivered TRANSACTION_ERROR: 29189
[ 30.905673] binder: undelivered TRANSACTION_ERROR: 29189
[ 30.907905] binder: 3111:3130 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 30.916126] binder: send failed reply for transaction 17 to 3110:3116
[ 30.919713] binder: send failed reply for transaction 23 to 3098:3106
[ 30.919751] binder: send failed reply for transaction 20 to 3112:3119
[ 30.923769] binder: send failed reply for transaction 8 to 3117:3120
[ 30.933293] binder: 3098:3139 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 30.933568] binder: 3110:3143 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 30.933619] binder: 3112:3144 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 30.933709] binder: send failed reply for transaction 11 to 3121:3122
[ 30.941261] binder: BINDER_SET_CONTEXT_MGR already set
[ 30.941271] binder: 3099:3123 ioctl 40046207 0 returned -16
[ 30.941377] binder_alloc: 3099: binder_alloc_buf, no vma
[ 30.941403] binder: 3099:3140 transaction failed 29189/-3, size 0-0 line 2870
[ 30.941467] binder: send failed reply for transaction 5 to 3099:3105
[ 30.946520] binder: 3117:3142 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 30.946582] binder: 3099:3123 transaction failed 29189/-22, size 0-0 line 2755
[ 30.953319] binder: send failed reply for transaction 33 to 3110:3143
[ 30.953328] binder: send failed reply for transaction 35 to 3110:3116
[ 30.953330] ------------[ cut here ]------------
[ 30.953333] Unexpected reply error: 29189
[ 30.953433] WARNING: CPU: 1 PID: 23 at drivers/android/binder.c:1924 binder_send_failed_reply+0x13b/0x350
[ 30.953437] Kernel panic - not syncing: panic_on_warn set ...
[ 30.953437]
[ 30.953442] CPU: 1 PID: 23 Comm: kworker/1:1 Not tainted 4.15.0-rc2+ #207
[ 30.953445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.953450] Workqueue: events binder_deferred_func
[ 30.953454] Call Trace:
[ 30.953462] dump_stack+0x194/0x257
[ 30.953470] ? arch_local_irq_restore+0x53/0x53
[ 30.953482] ? vsnprintf+0x1ed/0x1900
[ 30.953496] panic+0x1e4/0x41c
[ 30.953501] ? refcount_error_report+0x214/0x214
[ 30.953507] ? show_regs_print_info+0x65/0x65
[ 30.953522] ? __warn+0x1c1/0x200
[ 30.953531] ? binder_send_failed_reply+0x13b/0x350
[ 30.953535] __warn+0x1dc/0x200
[ 30.953541] ? binder_send_failed_reply+0x13b/0x350
[ 30.953551] report_bug+0x211/0x2d0
[ 30.953565] fixup_bug.part.11+0x37/0x80
[ 30.953572] do_error_trap+0x2d7/0x3e0
[ 30.953576] ? __down_trylock_console_sem+0x10d/0x1e0
[ 30.953586] ? math_error+0x400/0x400
[ 30.953591] ? vprintk_emit+0x3ea/0x590
[ 30.953599] ? vprintk_emit+0x3ea/0x590
[ 30.953616] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.953629] do_invalid_op+0x1b/0x20
[ 30.953636] invalid_op+0x18/0x20
[ 30.953640] RIP: 0010:binder_send_failed_reply+0x13b/0x350
[ 30.953643] RSP: 0018:ffff8801d9cf70f8 EFLAGS: 00010286
[ 30.953648] RAX: dffffc0000000008 RBX: ffff8801d776e000 RCX: ffffffff8159c48e
[ 30.953650] RDX: 0000000000000000 RSI: 1ffff1003b39f529 RDI: 0000000000000293
[ 30.953653] RBP: ffff8801d9cf7120 R08: 1ffff1003b39edb2 R09: 0000000000000000
[ 30.953656] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801cd95f500
[ 30.953659] R13: 0000000000007205 R14: 0000000000007205 R15: 0000000000000c26
[ 30.953674] ? vprintk_func+0x5e/0xc0
[ 30.953686] ? binder_send_failed_reply+0x13b/0x350
[ 30.953696] binder_release_work+0x3d9/0x580
[ 30.953707] ? kzalloc.constprop.53+0x20/0x20
[ 30.953720] ? do_raw_spin_trylock+0x190/0x190
[ 30.953730] ? kfree+0xe4/0x250
[ 30.953735] ? binder_deferred_func+0xe8a/0x12f0
[ 30.953746] ? _raw_spin_unlock+0x22/0x30
[ 30.953756] binder_deferred_func+0xdf5/0x12f0
[ 30.953777] ? binder_cleanup_ref_olocked+0xab0/0xab0
[ 30.953785] ? mntput_no_expire+0x15e/0xa90
[ 30.953796] ? find_held_lock+0x39/0x1d0
[ 30.953807] ? check_noncircular+0x20/0x20
[ 30.953822] ? lock_acquire+0x1d5/0x580
[ 30.953828] ? process_one_work+0xb2f/0x1be0
[ 30.953847] ? __lock_is_held+0xbc/0x140
[ 30.953868] process_one_work+0xbfd/0x1be0
[ 30.953889] ? pwq_dec_nr_in_flight+0x450/0x450
[ 30.953894] ? finish_task_switch+0x1d3/0x740
[ 30.953898] ? finish_task_switch+0x1aa/0x740
[ 30.953923] ? perf_trace_lock_acquire+0xe3/0x980
[ 30.953938] ? perf_trace_lock+0x900/0x900
[ 30.953942] ? __sched_text_start+0x8/0x8
[ 30.953955] ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 30.953965] ? select_task_rq_fair+0x2770/0x2770
[ 30.953969] ? check_noncircular+0x20/0x20
[ 30.953982] ? find_held_lock+0x39/0x1d0
[ 30.954002] ? lock_acquire+0x1d5/0x580
[ 30.954006] ? worker_thread+0x4a3/0x1990
[ 30.954020] ? lock_release+0xda0/0xda0
[ 30.954027] ? retint_kernel+0x10/0x10
[ 30.954035] ? do_raw_spin_trylock+0x190/0x190
[ 30.954056] worker_thread+0x223/0x1990
[ 30.954086] ? process_one_work+0x1be0/0x1be0
[ 30.954095] ? _raw_spin_unlock_irq+0x27/0x70
[ 30.954103] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 30.954110] ? trace_hardirqs_on+0xd/0x10
[ 30.954114] ? _raw_spin_unlock_irq+0x27/0x70
[ 30.954121] ? finish_task_switch+0x1d3/0x740
[ 30.954125] ? finish_task_switch+0x1aa/0x740
[ 30.954136] ? copy_overflow+0x20/0x20
[ 30.954154] ? __schedule+0x8f3/0x2060
[ 30.954158] ? check_noncircular+0x20/0x20
[ 30.954180] ? find_held_lock+0x39/0x1d0
[ 30.954195] ? find_held_lock+0x39/0x1d0
[ 30.954213] ? lock_downgrade+0x980/0x980
[ 30.954221] ? default_wake_function+0x30/0x50
[ 30.954237] ? __schedule+0x2060/0x2060
[ 30.954241] ? do_wait_intr+0x3e0/0x3e0
[ 30.954250] ? do_raw_spin_trylock+0x190/0x190
[ 30.954258] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 30.954266] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 30.954273] ? trace_hardirqs_on+0xd/0x10
[ 30.954278] ? __kthread_parkme+0x175/0x240
[ 30.954288] kthread+0x37a/0x440
[ 30.954293] ? process_one_work+0x1be0/0x1be0
[ 30.954297] ? kthread_stop+0x7b0/0x7b0
[ 30.954305] ret_from_fork+0x24/0x30
[ 30.954833] Dumping ftrace buffer:
[ 30.954863] (ftrace buffer empty)
[ 30.954866] Kernel Offset: disabled
[ 31.577811] Rebooting in 86400 seconds..