[ ok ] Starting enhanced syslogd: rsyslogd.
[ 47.562399][ T26] audit: type=1800 audit(1553784494.582:25): pid=7739 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 47.609297][ T26] audit: type=1800 audit(1553784494.592:26): pid=7739 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 47.633562][ T26] audit: type=1800 audit(1553784494.592:27): pid=7739 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.149' (ECDSA) to the list of known hosts.

syzkaller login: [ 96.430892][ T7901] IPVS: ftp: loaded support on port[0] = 21
[ 96.430899][ T7904] IPVS: ftp: loaded support on port[0] = 21
[ 96.446643][ T7905] IPVS: ftp: loaded support on port[0] = 21
[ 96.450368][ T7900] IPVS: ftp: loaded support on port[0] = 21
[ 96.456423][ T7903] IPVS: ftp: loaded support on port[0] = 21
[ 96.463597][ T7902] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
executing program
[ 96.693565][ T7908] binder: 7907:7908 BC_DEAD_BINDER_DONE 0000000000000004 not found
[ 96.701324][ T7913] binder: 7906:7913 BC_DEAD_BINDER_DONE 0000000000000004 not found
[ 96.706074][ T7915] binder: 7910:7915 BC_DEAD_BINDER_DONE 0000000000000004 not found
[ 96.710696][ T7914] binder: 7912:7914 BC_DEAD_BINDER_DONE 0000000000000004 not found
[ 96.718177][ T7911] binder: 7909:7911 BC_DEAD_BINDER_DONE 0000000000000004 not found
[ 96.730385][ T7917] binder: 7916:7917 BC_DEAD_BINDER_DONE 0000000000000004 not found
[ 96.734625][ T7913] binder: 7906:7913 DecRefs 0 refcount change on invalid ref 1 ret -22
[ 96.742451][ T7917] binder: 7916:7917 DecRefs 0 refcount change on invalid ref 1 ret -22
[ 96.751506][ T7908] binder: 7907:7908 DecRefs 0 refcount change on invalid ref 1 ret -22
[ 96.767814][ T7918] binder: BINDER_SET_CONTEXT_MGR already set
[ 96.768359][ T7915] binder: 7910:7915 DecRefs 0 refcount change on invalid ref 1 ret -22
[ 96.783515][ T7914] binder: 7912:7914 DecRefs 0 refcount change on invalid ref 1 ret -22
[ 96.783932][ T7911] binder: 7909:7911 DecRefs 0 refcount change on invalid ref 1 ret -22
[ 96.801786][ T7913] ------------[ cut here ]------------
[ 96.801790][ T7908] ------------[ cut here ]------------
[ 96.801805][ T7908] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 96.807273][ T7913] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 96.814010][ T7915] ------------[ cut here ]------------
[ 96.819619][ T7921] binder: BINDER_SET_CONTEXT_MGR already set
[ 96.826053][ T7915] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 96.826676][ T7908] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 96.831788][ T7918] binder: 7907:7918 ioctl 40046207 0 returned -16
[ 96.837664][ T7908] CPU: 0 PID: 7908 Comm: syz-executor030 Not tainted 5.1.0-rc2+ #40
[ 96.837671][ T7908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 96.837737][ T7908] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 96.837755][ T7908] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 4f f4 23 fc 4c 89 e6 4c 89 ef e8 64 f5 23 fc 4d 39 e5 76 07 e8 3a f4 23 fc <0f> 0b e8 33 f4 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 41
[ 96.845108][ T7914] ------------[ cut here ]------------
[ 96.850679][ T7908] RSP: 0018:ffff88809039f6d8 EFLAGS: 00010293
[ 96.857111][ T7914] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 96.865088][ T7908] RAX: ffff888091170040 RBX: 0000000020001008 RCX: ffffffff854c7d3c
[ 96.927360][ T7908] RDX: 0000000000000000 RSI: ffffffff854c7d46 RDI: 0000000000000006
[ 96.935337][ T7908] RBP: ffff88809039f758 R08: ffff888091170040 R09: 0000000000000028
[ 96.943316][ T7908] R10: ffffed1012073f32 R11: ffff88809039f997 R12: 0000000000000008
[ 96.951293][ T7908] R13: 0000000000000028 R14: ffff88808961a250 R15: 0000000000000000
[ 96.959276][ T7908] FS: 0000000000000000(0000) GS:ffff8880ae800000(0063) knlGS:00000000f7f40b40
[ 96.968231][ T7908] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 96.974827][ T7908] CR2: 00000000f7f1fdb0 CR3: 000000008f2b9000 CR4: 00000000001406f0
[ 96.982816][ T7908] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 96.990803][ T7908] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 96.998783][ T7908] Call Trace:
[ 97.002132][ T7908] ? memcpy+0x46/0x50
[ 97.006148][ T7908] binder_alloc_copy_from_buffer+0x37/0x42
[ 97.011997][ T7908] binder_get_object+0xc3/0x200
[ 97.017046][ T7908] binder_transaction+0x2b4a/0x6690
[ 97.022279][ T7908] ? binder_thread_read+0x3d50/0x3d50
[ 97.027699][ T7908] ? __lock_acquire+0x548/0x3fb0
[ 97.032686][ T7908] ? __might_fault+0x12b/0x1e0
[ 97.037472][ T7908] ? lock_downgrade+0x880/0x880
[ 97.042370][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 97.048682][ T7908] ? _copy_from_user+0xdd/0x150
[ 97.053559][ T7908] binder_thread_write+0x87e/0x2820
[ 97.058792][ T7908] ? binder_transaction+0x6690/0x6690
[ 97.064188][ T7908] ? __might_fault+0x12b/0x1e0
[ 97.068995][ T7908] ? lock_downgrade+0x880/0x880
[ 97.073886][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 97.080158][ T7908] ? _copy_from_user+0xdd/0x150
[ 97.085035][ T7908] binder_ioctl+0x1033/0x183b
[ 97.089753][ T7908] ? binder_thread_write+0x2820/0x2820
[ 97.095259][ T7908] ? __fget+0x381/0x550
[ 97.099437][ T7908] ? ksys_dup3+0x3e0/0x3e0
[ 97.103900][ T7908] ? tomoyo_file_ioctl+0x23/0x30
[ 97.108880][ T7908] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 97.115148][ T7908] ? security_file_ioctl+0x93/0xc0
[ 97.120301][ T7908] ? binder_thread_write+0x2820/0x2820
[ 97.125805][ T7908] __ia32_compat_sys_ioctl+0x197/0x620
[ 97.131303][ T7908] do_fast_syscall_32+0x281/0xc98
[ 97.136403][ T7908] entry_SYSENTER_compat+0x70/0x7f
[ 97.141554][ T7908] RIP: 0023:0xf7f44869
[ 97.145632][ T7908] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 97.165246][ T7908] RSP: 002b:00000000f7f4012c EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 97.173694][ T7908] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[ 97.181680][ T7908] RDX: 0000000020000240 RSI: 0000000000000000 RDI: 0000000000000000
[ 97.189752][ T7908] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 97.197738][ T7908] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 97.205724][ T7908] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 97.213800][ T7908] Modules linked in:
[ 97.217762][ T7913] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[ 97.218451][ T7917] ------------[ cut here ]------------
[ 97.223877][ T7913] CPU: 1 PID: 7913 Comm: syz-executor030 Tainted: G D 5.1.0-rc2+ #40
[ 97.229336][ T7917] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 97.238707][ T7913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 97.255469][ T7913] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 97.262076][ T7913] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 4f f4 23 fc 4c 89 e6 4c 89 ef e8 64 f5 23 fc 4d 39 e5 76 07 e8 3a f4 23 fc <0f> 0b e8 33 f4 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 41
[ 97.281714][ T7913] RSP: 0018:ffff8880912a76d8 EFLAGS: 00010293
[ 97.287878][ T7913] RAX: ffff8880a02d6040 RBX: 0000000020001000 RCX: ffffffff854c7d3c
[ 97.295859][ T7913] RDX: 0000000000000000 RSI: ffffffff854c7d46 RDI: 0000000000000006
[ 97.303846][ T7913] RBP: ffff8880912a7758 R08: ffff8880a02d6040 R09: 0000000000000028
[ 97.311825][ T7913] R10: ffffed1012254f32 R11: ffff8880912a7997 R12: 0000000000000008
[ 97.319805][ T7913] R13: 0000000000000028 R14: ffff88808961a250 R15: 0000000000000000
[ 97.327792][ T7913] FS: 0000000000000000(0000) GS:ffff8880ae900000(0063) knlGS:00000000f7f40b40
[ 97.336738][ T7913] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 97.343331][ T7913] CR2: 00000000f7f1fdb0 CR3: 000000008d7a3000 CR4: 00000000001406e0
[ 97.351319][ T7913] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 97.359307][ T7913] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 97.367287][ T7913] Call Trace:
[ 97.370623][ T7913] ? memcpy+0x46/0x50
[ 97.374642][ T7913] binder_alloc_copy_from_buffer+0x37/0x42
[ 97.380467][ T7913] binder_get_object+0xc3/0x200
[ 97.385346][ T7913] binder_transaction+0x2b4a/0x6690
[ 97.390696][ T7913] ? binder_thread_read+0x3d50/0x3d50
[ 97.396108][ T7913] ? __lock_acquire+0x548/0x3fb0
[ 97.401123][ T7913] ? __might_fault+0x12b/0x1e0
[ 97.405933][ T7913] ? lock_downgrade+0x880/0x880
[ 97.410848][ T7913] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 97.417181][ T7913] ? _copy_from_user+0xdd/0x150
[ 97.422103][ T7913] binder_thread_write+0x87e/0x2820
[ 97.427383][ T7913] ? binder_transaction+0x6690/0x6690
[ 97.432791][ T7913] ? __might_fault+0x12b/0x1e0
[ 97.437618][ T7913] ? lock_downgrade+0x880/0x880
[ 97.442569][ T7913] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 97.448835][ T7913] ? _copy_from_user+0xdd/0x150
[ 97.453792][ T7913] binder_ioctl+0x1033/0x183b
[ 97.458490][ T7913] ? binder_thread_write+0x2820/0x2820
[ 97.463966][ T7913] ? __fget+0x381/0x550
[ 97.468169][ T7913] ? ksys_dup3+0x3e0/0x3e0
[ 97.472611][ T7913] ? tomoyo_file_ioctl+0x23/0x30
[ 97.477581][ T7913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 97.483834][ T7913] ? security_file_ioctl+0x93/0xc0
[ 97.488963][ T7913] ? binder_thread_write+0x2820/0x2820
[ 97.494435][ T7913] __ia32_compat_sys_ioctl+0x197/0x620
[ 97.499919][ T7913] do_fast_syscall_32+0x281/0xc98
[ 97.504962][ T7913] entry_SYSENTER_compat+0x70/0x7f
[ 97.510077][ T7913] RIP: 0023:0xf7f44869
[ 97.514160][ T7913] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 97.533771][ T7913] RSP: 002b:00000000f7f4012c EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 97.542196][ T7913] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[ 97.550476][ T7913] RDX: 0000000020000240 RSI: 0000000000000000 RDI: 0000000000000000
[ 97.558458][ T7913] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 97.566432][ T7913] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 97.574452][ T7913] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 97.582606][ T7913] Modules linked in:
[ 97.586526][ T7915] invalid opcode: 0000 [#3] PREEMPT SMP KASAN
[ 97.586725][ T7922] binder: BINDER_SET_CONTEXT_MGR already set
[ 97.592922][ T7915] CPU: 0 PID: 7915 Comm: syz-executor030 Tainted: G D 5.1.0-rc2+ #40
[ 97.592929][ T7915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 97.592943][ T7915] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 97.592953][ T7915] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 4f f4 23 fc 4c 89 e6 4c 89 ef e8 64 f5 23 fc 4d 39 e5 76 07 e8 3a f4 23 fc <0f> 0b e8 33 f4 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 41
[ 97.592957][ T7915] RSP: 0018:ffff888090e076d8 EFLAGS: 00010293
[ 97.599426][ T7922] binder: 7909:7922 ioctl 40046207 0 returned -16
[ 97.608467][ T7915] RAX: ffff88809f80a040 RBX: 0000000020001010 RCX: ffffffff854c7d3c
[ 97.608473][ T7915] RDX: 0000000000000000 RSI: ffffffff854c7d46 RDI: 0000000000000006
[ 97.608477][ T7915] RBP: ffff888090e07758 R08: ffff88809f80a040 R09: 0000000000000028
[ 97.608485][ T7915] R10: ffffed10121c0f32 R11: ffff888090e07997 R12: 0000000000000008
[ 97.608489][ T7915] R13: 0000000000000028 R14: ffff88808961a250 R15: 0000000000000000
[ 97.608496][ T7915] FS: 0000000000000000(0000) GS:ffff8880ae800000(0063) knlGS:00000000f7f40b40
[ 97.608500][ T7915] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 97.608504][ T7915] CR2: 00000000f7efedb0 CR3: 000000009f18b000 CR4: 00000000001406f0
[ 97.608525][ T7915] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 97.608529][ T7915] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 97.608534][ T7915] Call Trace:
[ 97.608564][ T7915] ? memcpy+0x46/0x50
[ 97.619023][ T7921] binder: 7912:7921 ioctl 40046207 0 returned -16
[ 97.625539][ T7915] binder_alloc_copy_from_buffer+0x37/0x42
[ 97.625562][ T7915] binder_get_object+0xc3/0x200
[ 97.625584][ T7915] binder_transaction+0x2b4a/0x6690
[ 97.625610][ T7915] ? binder_thread_read+0x3d50/0x3d50
[ 97.625628][ T7915] ? __might_fault+0x12b/0x1e0
[ 97.625639][ T7915] ? lock_downgrade+0x880/0x880
[ 97.625663][ T7915] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 97.645728][ T7924] binder: BINDER_SET_CONTEXT_MGR already set
[ 97.651656][ T7915] ? _copy_from_user+0xdd/0x150
[ 97.651671][ T7915] binder_thread_write+0x87e/0x2820
[ 97.651695][ T7915] ? binder_transaction+0x6690/0x6690
[ 97.812282][ T7915] ? __might_fault+0x12b/0x1e0
[ 97.817229][ T7915] ? lock_downgrade+0x880/0x880
[ 97.822402][ T7915] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 97.828685][ T7915] ? _copy_from_user+0xdd/0x150
[ 97.833658][ T7915] binder_ioctl+0x1033/0x183b
[ 97.838427][ T7915] ? binder_thread_write+0x2820/0x2820
[ 97.844178][ T7915] ? __fget+0x381/0x550
[ 97.848374][ T7915] ? ksys_dup3+0x3e0/0x3e0
[ 97.852820][ T7915] ? tomoyo_file_ioctl+0x23/0x30
[ 97.857789][ T7915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 97.864213][ T7915] ? security_file_ioctl+0x93/0xc0
[ 97.869338][ T7915] ? binder_thread_write+0x2820/0x2820
[ 97.874878][ T7915] __ia32_compat_sys_ioctl+0x197/0x620
[ 97.880434][ T7915] do_fast_syscall_32+0x281/0xc98
[ 97.885683][ T7915] entry_SYSENTER_compat+0x70/0x7f
[ 97.891100][ T7915] RIP: 0023:0xf7f44869
[ 97.895229][ T7915] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 97.915209][ T7915] RSP: 002b:00000000f7f4012c EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 97.923723][ T7915] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[ 97.931723][ T7915] RDX: 0000000020000240 RSI: 0000000000000000 RDI: 0000000000000000
[ 97.940159][ T7915] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 97.948176][ T7915] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 97.956165][ T7915] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 97.964232][ T7915] Modules linked in:
[ 97.968238][ T7914] invalid opcode: 0000 [#4] PREEMPT SMP KASAN
[ 97.974322][ T7914] CPU: 1 PID: 7914 Comm: syz-executor030 Tainted: G D 5.1.0-rc2+ #40
[ 97.983843][ T7914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 97.993975][ T7914] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 98.000467][ T7914] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 4f f4 23 fc 4c 89 e6 4c 89 ef e8 64 f5 23 fc 4d 39 e5 76 07 e8 3a f4 23 fc <0f> 0b e8 33 f4 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 41
[ 98.020230][ T7914] RSP: 0018:ffff8880942cf6d8 EFLAGS: 00010293
[ 98.026294][ T7914] RAX: ffff8880a0510040 RBX: 0000000020001018 RCX: ffffffff854c7d3c
[ 98.034267][ T7914] RDX: 0000000000000000 RSI: ffffffff854c7d46 RDI: 0000000000000006
[ 98.042324][ T7914] RBP: ffff8880942cf758 R08: ffff8880a0510040 R09: 0000000000000028
[ 98.050284][ T7914] R10: ffffed1012859f32 R11: ffff8880942cf997 R12: 0000000000000008
[ 98.058249][ T7914] R13: 0000000000000028 R14: ffff88808961a250 R15: 0000000000000000
[ 98.066212][ T7914] FS: 0000000000000000(0000) GS:ffff8880ae900000(0063) knlGS:00000000f7f40b40
[ 98.075209][ T7914] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 98.081789][ T7914] CR2: 00000000f7efedb0 CR3: 000000009f285000 CR4: 00000000001406e0
[ 98.089764][ T7914] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 98.097737][ T7914] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 98.105752][ T7914] Call Trace:
[ 98.109172][ T7914] ? memcpy+0x46/0x50
[ 98.113147][ T7914] binder_alloc_copy_from_buffer+0x37/0x42
[ 98.118979][ T7914] binder_get_object+0xc3/0x200
[ 98.123878][ T7914] binder_transaction+0x2b4a/0x6690
[ 98.129091][ T7914] ? binder_thread_read+0x3d50/0x3d50
[ 98.134472][ T7914] ? __lock_acquire+0x548/0x3fb0
[ 98.139465][ T7914] ? preempt_schedule+0x4b/0x60
[ 98.144320][ T7914] ? __might_fault+0x12b/0x1e0
[ 98.149075][ T7914] ? lock_downgrade+0x880/0x880
[ 98.154023][ T7914] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 98.160289][ T7914] ? _copy_from_user+0xdd/0x150
[ 98.165151][ T7914] binder_thread_write+0x87e/0x2820
[ 98.170358][ T7914] ? binder_transaction+0x6690/0x6690
[ 98.175772][ T7914] ? __might_fault+0x12b/0x1e0
[ 98.180533][ T7914] ? lock_downgrade+0x880/0x880
[ 98.185462][ T7914] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 98.191710][ T7914] ? _copy_from_user+0xdd/0x150
[ 98.196704][ T7914] binder_ioctl+0x1033/0x183b
[ 98.201424][ T7914] ? binder_thread_write+0x2820/0x2820
[ 98.206881][ T7914] ? __fget+0x381/0x550
[ 98.211051][ T7914] ? ksys_dup3+0x3e0/0x3e0
[ 98.215467][ T7914] ? tomoyo_file_ioctl+0x23/0x30
[ 98.220506][ T7914] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 98.226821][ T7914] ? security_file_ioctl+0x93/0xc0
[ 98.232008][ T7914] ? binder_thread_write+0x2820/0x2820
[ 98.237464][ T7914] __ia32_compat_sys_ioctl+0x197/0x620
[ 98.242945][ T7914] do_fast_syscall_32+0x281/0xc98
[ 98.247963][ T7914] entry_SYSENTER_compat+0x70/0x7f
[ 98.253071][ T7914] RIP: 0023:0xf7f44869
[ 98.257130][ T7914] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 98.276724][ T7914] RSP: 002b:00000000f7f4012c EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 98.285189][ T7914] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[ 98.293209][ T7914] RDX: 0000000020000240 RSI: 0000000000000000 RDI: 0000000000000000
[ 98.301184][ T7914] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 98.309159][ T7914] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 98.317121][ T7914] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 98.325098][ T7914] Modules linked in:
[ 98.329006][ T7917] invalid opcode: 0000 [#5] PREEMPT SMP KASAN
[ 98.329920][ T7924] binder: 7910:7924 ioctl 40046207 0 returned -16
[ 98.335110][ T7917] CPU: 0 PID: 7917 Comm: syz-executor030 Tainted: G D 5.1.0-rc2+ #40
[ 98.335117][ T7917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 98.335132][ T7917] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 98.335150][ T7917] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 4f f4 23 fc 4c 89 e6 4c 89 ef e8 64 f5 23 fc 4d 39 e5 76 07 e8 3a f4 23 fc <0f> 0b e8 33 f4 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 41
[ 98.335154][ T7917] RSP: 0018:ffff8880919176d8 EFLAGS: 00010293
[ 98.335171][ T7917] RAX: ffff8880a1b42040 RBX: 0000000020001020 RCX: ffffffff854c7d3c
[ 98.341845][ T7914] ---[ end trace 702b05b3e93fb3bd ]---
[ 98.351011][ T7917] RDX: 0000000000000000 RSI: ffffffff854c7d46 RDI: 0000000000000006
[ 98.351017][ T7917] RBP: ffff888091917758 R08: ffff8880a1b42040 R09: 0000000000000028
[ 98.351022][ T7917] R10: ffffed1012322f32 R11: ffff888091917997 R12: 0000000000000008
[ 98.351026][ T7917] R13: 0000000000000028 R14: ffff88808961a250 R15: 0000000000000000
[ 98.351033][ T7917] FS: 0000000000000000(0000) GS:ffff8880ae800000(0063) knlGS:00000000f7f40b40
[ 98.351037][ T7917] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 98.351041][ T7917] CR2: 00000000f7efedb0 CR3: 0000000097278000 CR4: 00000000001406f0
[ 98.351048][ T7917] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 98.351052][ T7917] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 98.351055][ T7917] Call Trace:
[ 98.351075][ T7917] ? memcpy+0x46/0x50
[ 98.351086][ T7917] binder_alloc_copy_from_buffer+0x37/0x42
[ 98.351096][ T7917] binder_get_object+0xc3/0x200
[ 98.351114][ T7917] binder_transaction+0x2b4a/0x6690
[ 98.351133][ T7917] ? binder_thread_read+0x3d50/0x3d50
[ 98.361531][ T7914] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 98.367914][ T7917] ? __lock_acquire+0x548/0x3fb0
[ 98.367928][ T7917] ? __might_fault+0x12b/0x1e0
[ 98.367937][ T7917] ? lock_downgrade+0x880/0x880
[ 98.367949][ T7917] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 98.367959][ T7917] ? _copy_from_user+0xdd/0x150
[ 98.367971][ T7917] binder_thread_write+0x87e/0x2820
[ 98.367984][ T7917] ? binder_transaction+0x6690/0x6690
[ 98.368002][ T7917] ? __might_fault+0x12b/0x1e0
[ 98.387966][ T7914] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 4f f4 23 fc 4c 89 e6 4c 89 ef e8 64 f5 23 fc 4d 39 e5 76 07 e8 3a f4 23 fc <0f> 0b e8 33 f4 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 41
[ 98.393832][ T7917] ? lock_downgrade+0x880/0x880
[ 98.393846][ T7917] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 98.393856][ T7917] ? _copy_from_user+0xdd/0x150
[ 98.393868][ T7917] binder_ioctl+0x1033/0x183b
[ 98.393879][ T7917] ? binder_thread_write+0x2820/0x2820
[ 98.393888][ T7917] ? __fget+0x381/0x550
[ 98.393906][ T7917] ? ksys_dup3+0x3e0/0x3e0
[ 98.402019][ T7914] RSP: 0018:ffff88809039f6d8 EFLAGS: 00010293
[ 98.407338][ T7917] ? tomoyo_file_ioctl+0x23/0x30
[ 98.407349][ T7917] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 98.407358][ T7917] ? security_file_ioctl+0x93/0xc0
[ 98.407369][ T7917] ? binder_thread_write+0x2820/0x2820
[ 98.407379][ T7917] __ia32_compat_sys_ioctl+0x197/0x620
[ 98.407391][ T7917] do_fast_syscall_32+0x281/0xc98
[ 98.407402][ T7917] entry_SYSENTER_compat+0x70/0x7f
[ 98.407410][ T7917] RIP: 0023:0xf7f44869
[ 98.407431][ T7917] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 98.415558][ T7914] RAX: ffff888091170040 RBX: 0000000020001008 RCX: ffffffff854c7d3c
[ 98.423361][ T7917] RSP: 002b:00000000f7f4012c EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 98.423373][ T7917] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[ 98.423377][ T7917] RDX: 0000000020000240 RSI: 0000000000000000 RDI: 0000000000000000
[ 98.423381][ T7917] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 98.423385][ T7917] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 98.423389][ T7917] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 98.423397][ T7917] Modules linked in:
[ 98.424663][ T7911] ------------[ cut here ]------------
[ 98.431667][ T7914] RDX: 0000000000000000 RSI: ffffffff854c7d46 RDI: 0000000000000006
[ 98.439467][ T7911] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 98.441100][ T7911] invalid opcode: 0000 [#6] PREEMPT SMP KASAN
[ 98.448760][ T7914] RBP: ffff88809039f758 R08: ffff888091170040 R09: 0000000000000028
[ 98.455145][ T7911] CPU: 0 PID: 7911 Comm: syz-executor030 Tainted: G D 5.1.0-rc2+ #40
[ 98.455152][ T7911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 98.455167][ T7911] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 98.455176][ T7911] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 4f f4 23 fc 4c 89 e6 4c 89 ef e8 64 f5 23 fc 4d 39 e5 76 07 e8 3a f4 23 fc <0f> 0b e8 33 f4 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 41
[ 98.455180][ T7911] RSP: 0018:ffff888090e8f6d8 EFLAGS: 00010293
[ 98.455187][ T7911] RAX: ffff8880857d25c0 RBX: 0000000020001028 RCX: ffffffff854c7d3c
[ 98.455191][ T7911] RDX: 0000000000000000 RSI: ffffffff854c7d46 RDI: 0000000000000006
[ 98.455224][ T7911] RBP: ffff888090e8f758 R08: ffff8880857d25c0 R09: 0000000000000028
[ 98.455229][ T7911] R10: ffffed10121d1f32 R11: ffff888090e8f997 R12: 0000000000000008
[ 98.455233][ T7911] R13: 0000000000000028 R14: ffff88808961a250 R15: 0000000000000000
[ 98.455239][ T7911] FS: 0000000000000000(0000) GS:ffff8880ae800000(0063) knlGS:00000000f7f40b40
[ 98.455244][ T7911] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 98.455248][ T7911] CR2: 00000000f7efedb0 CR3: 000000008a45d000 CR4: 00000000001406f0
[ 98.455254][ T7911] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 98.455258][ T7911] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 98.455261][ T7911] Call Trace:
[ 98.455276][ T7911] ? memcpy+0x46/0x50
[ 98.455285][ T7911] binder_alloc_copy_from_buffer+0x37/0x42
[ 98.455295][ T7911] binder_get_object+0xc3/0x200
[ 98.455304][ T7911] binder_transaction+0x2b4a/0x6690
[ 98.455321][ T7911] ? binder_thread_read+0x3d50/0x3d50
[ 98.463660][ T7925] binder: BINDER_SET_CONTEXT_MGR already set
[ 98.471683][ T7911] ? tick_nohz_tick_stopped+0x1a/0x90
[ 98.479823][ T7908] ---[ end trace 702b05b3e93fb3be ]---
[ 98.482974][ T7911] ? wake_up_klogd+0x99/0xd0
[ 98.482983][ T7911] ? mark_held_locks+0xf0/0xf0
[ 98.482990][ T7911] ? vprintk_emit+0x1ce/0x6d0
[ 98.482997][ T7911] ? mark_held_locks+0xf0/0xf0
[ 98.483015][ T7911] ? vprintk_default+0x28/0x30
[ 98.487158][ T7908] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 98.492889][ T7911] ? lock_downgrade+0x880/0x880
[ 98.492900][ T7911] ? __might_fault+0xfb/0x1e0
[ 98.492911][ T7911] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 98.492922][ T7911] ? _copy_from_user+0xdd/0x150
[ 98.492933][ T7911] binder_thread_write+0x87e/0x2820
[ 98.492945][ T7911] ? binder_transaction+0x6690/0x6690
[ 98.492952][ T7911] ? __might_fault+0x12b/0x1e0
[ 98.492970][ T7911] ? lock_downgrade+0x880/0x880
[ 98.497989][ T7908] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 4f f4 23 fc 4c 89 e6 4c 89 ef e8 64 f5 23 fc 4d 39 e5 76 07 e8 3a f4 23 fc <0f> 0b e8 33 f4 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 41
[ 98.503024][ T7911] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 98.503035][ T7911] ? _copy_from_user+0xdd/0x150
[ 98.503045][ T7911] binder_ioctl+0x1033/0x183b
[ 98.503056][ T7911] ? binder_thread_write+0x2820/0x2820
[ 98.503065][ T7911] ? __fget+0x381/0x550
[ 98.503074][ T7911] ? ksys_dup3+0x3e0/0x3e0
[ 98.503084][ T7911] ? tomoyo_file_ioctl+0x23/0x30
[ 98.503091][ T7911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 98.503100][ T7911] ? security_file_ioctl+0x93/0xc0
[ 98.503108][ T7911] ? binder_thread_write+0x2820/0x2820
[ 98.503128][ T7911] __ia32_compat_sys_ioctl+0x197/0x620
[ 98.508615][ T7908] RSP: 0018:ffff88809039f6d8 EFLAGS: 00010293
[ 98.514999][ T7911] do_fast_syscall_32+0x281/0xc98
[ 98.515012][ T7911] entry_SYSENTER_compat+0x70/0x7f
[ 98.515020][ T7911] RIP: 0023:0xf7f44869
[ 98.515031][ T7911] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 98.515035][ T7911] RSP: 002b:00000000f7f4012c EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 98.515043][ T7911] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[ 98.515047][ T7911] RDX: 0000000020000240 RSI: 0000000000000000 RDI: 0000000000000000
[ 98.515051][ T7911] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 98.515055][ T7911] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 98.515059][ T7911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 98.515070][ T7911] Modules linked in:
[ 98.520123][ T7914] R10: ffffed1012073f32 R11: ffff88809039f997 R12: 0000000000000008
[ 98.526009][ T7917] ---[ end trace 702b05b3e93fb3bf ]---
[ 98.529828][ T7914] R13: 0000000000000028 R14: ffff88808961a250 R15: 0000000000000000
[ 98.536091][ T7917] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 98.541088][ T7908] RAX: ffff888091170040 RBX: 0000000020001008 RCX: ffffffff854c7d3c
[ 98.546638][ T7917] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 4f f4 23 fc 4c 89 e6 4c 89 ef e8 64 f5 23 fc 4d 39 e5 76 07 e8 3a f4 23 fc <0f> 0b e8 33 f4 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 41
[ 98.559906][ T7908] RDX: 0000000000000000 RSI: ffffffff854c7d46 RDI: 0000000000000006
[ 98.564888][ T7914] FS: 0000000000000000(0000) GS:ffff8880ae800000(0063) knlGS:00000000f7f40b40
[ 98.584709][ T7908] RBP: ffff88809039f758 R08: ffff888091170040 R09: 0000000000000028
[ 98.589613][ T7913] ---[ end trace 702b05b3e93fb3c0 ]---
[ 98.595917][ T7908] R10: ffffed1012073f32 R11: ffff88809039f997 R12: 0000000000000008
[ 98.601097][ T7911] ---[ end trace 702b05b3e93fb3c1 ]---
[ 98.605659][ T7908] R13: 0000000000000028 R14: ffff88808961a250 R15: 0000000000000000
[ 98.611213][ T7913] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 98.615431][ T7908] FS: 0000000000000000(0000) GS:ffff8880ae900000(0063) knlGS:00000000f7f40b40
[ 98.620399][ T7911] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 98.626198][ T7908] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 98.631170][ T7913] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 4f f4 23 fc 4c 89 e6 4c 89 ef e8 64 f5 23 fc 4d 39 e5 76 07 e8 3a f4 23 fc <0f> 0b e8 33 f4 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 41
[ 98.637612][ T7908] CR2: 00000000f7efedb0 CR3: 000000008f2b9000 CR4: 00000000001406e0
[ 98.643121][ T7911] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 4f f4 23 fc 4c 89 e6 4c 89 ef e8 64 f5 23 fc 4d 39 e5 76 07 e8 3a f4 23 fc <0f> 0b e8 33 f4 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 41
[ 98.648321][ T7908] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 98.653940][ T7917] RSP: 0018:ffff88809039f6d8 EFLAGS: 00010293
[ 98.658862][ T7915] ---[ end trace 702b05b3e93fb3c2 ]---
[ 98.664494][ T7913] RSP: 0018:ffff88809039f6d8 EFLAGS: 00010293
[ 98.668345][ T7908] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 98.688813][ T7911] RSP: 0018:ffff88809039f6d8 EFLAGS: 00010293
[ 98.696871][ T7915] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 98.705659][ T7925] binder: 7916:7925 ioctl 40046207 0 returned -16
[ 98.713656][ T7915] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 4f f4 23 fc 4c 89 e6 4c 89 ef e8 64 f5 23 fc 4d 39 e5 76 07 e8 3a f4 23 fc <0f> 0b e8 33 f4 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 41
[ 98.721636][ T7917] RAX: ffff888091170040 RBX: 0000000020001008 RCX: ffffffff854c7d3c
[ 98.729707][ T7914] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 98.738505][ T7913] RAX: ffff888091170040 RBX: 0000000020001008 RCX: ffffffff854c7d3c
[ 98.746164][ T7908] Kernel panic - not syncing: Fatal exception
[ 98.750978][ T7911] RAX: ffff888091170040 RBX: 0000000020001008 RCX: ffffffff854c7d3c
[ 98.756275][ T7908] Kernel Offset: disabled
[ 99.496129][ T7908] Rebooting in 86400 seconds..