[ 36.452379] audit: type=1800 audit(1551963952.920:27): pid=7556 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 36.481251] audit: type=1800 audit(1551963952.920:28): pid=7556 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 37.235602] audit: type=1800 audit(1551963953.750:29): pid=7556 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 37.254488] audit: type=1800 audit(1551963953.750:30): pid=7556 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.155' (ECDSA) to the list of known hosts.
executing program executing program executing program executing program executing program executing program syzkaller login: [ 45.997024] binder: BINDER_SET_CONTEXT_MGR already set [ 46.003924] binder: 7720:7724 ioctl 40046207 0 returned -16 [ 46.003927] binder: BINDER_SET_CONTEXT_MGR already set [ 46.015190] binder: 7721:7727 ioctl 40046207 0 returned -16 [ 46.015205] binder: BINDER_SET_CONTEXT_MGR already set [ 46.026575] binder: BINDER_SET_CONTEXT_MGR already set [ 46.027508] binder: 7722:7726 ioctl 40046207 0 returned -16 [ 46.032035] binder: BINDER_SET_CONTEXT_MGR already set [ 46.043138] binder: 7718:7723 ioctl 40046207 0 returned -16 [ 46.049124] binder: BINDER_SET_CONTEXT_MGR already set [ 46.054490] binder: 7712:7728 ioctl 40046207 0 returned -16 [ 46.054534] binder: BINDER_SET_CONTEXT_MGR already set [ 46.060288] binder: 7719:7725 ioctl 40046207 0 returned -16 [ 46.072095] binder: 7720:7729 ioctl 40046207 0 returned -16 [ 46.072115] binder: BINDER_SET_CONTEXT_MGR already set [ 46.083732] binder: 7721:7730 ioctl 40046207 0 returned -16 [ 46.084024] binder_alloc: 7712: binder_alloc_buf, no vma executing program [ 46.089838] binder: BINDER_SET_CONTEXT_MGR already set [ 46.095364] binder: 7712:7717 transaction failed 29189/-3, size 0-32 line 3147 [ 46.100608] binder: BINDER_SET_CONTEXT_MGR already set [ 46.117558] binder: 7722:7731 ioctl 40046207 0 returned -16 [ 46.123458] binder: 7718:7732 ioctl 40046207 0 returned -16 [ 46.123515] binder_alloc: 7712: binder_alloc_buf, no vma [ 46.135025] binder: BINDER_SET_CONTEXT_MGR already set [ 46.135253] binder: 7720:7724 transaction failed 29189/-3, size 0-32 line 3147 executing program [ 46.140526] binder_alloc: 7712: binder_alloc_buf, no vma [ 46.154076] binder: undelivered TRANSACTION_ERROR: 29189 [ 46.154408] binder: BINDER_SET_CONTEXT_MGR already set [ 46.159870] binder: 7719:7733 ioctl 40046207 0 returned -16 [ 46.165626] binder: 7734:7735 ioctl 40046207 0 returned -16 [ 46.171145] binder: undelivered 
TRANSACTION_ERROR: 29189 [ 46.185039] binder_alloc: 7712: binder_alloc_buf, no vma [ 46.185059] binder: 7722:7726 transaction failed 29189/-3, size 0-32 line 3147 executing program executing program [ 46.191708] binder_alloc: 7712: binder_alloc_buf, no vma [ 46.198694] binder: BINDER_SET_CONTEXT_MGR already set [ 46.207546] binder: 7721:7727 transaction failed 29189/-3, size 0-32 line 3147 [ 46.209453] binder: 7734:7739 ioctl 40046207 0 returned -16 [ 46.217675] binder: undelivered TRANSACTION_ERROR: 29189 [ 46.224980] binder: 7734:7735 transaction failed 29189/-22, size 0-32 line 2994 [ 46.232424] binder_alloc: 7712: binder_alloc_buf, no vma [ 46.243752] binder: BINDER_SET_CONTEXT_MGR already set [ 46.248987] binder: 7718:7723 transaction failed 29189/-3, size 0-32 line 3147 [ 46.250622] binder: 7740:7743 ioctl 40046207 0 returned -16 [ 46.257184] binder: BINDER_SET_CONTEXT_MGR already set [ 46.270180] binder: 7719:7725 transaction failed 29189/-3, size 0-32 line 3147 [ 46.279475] binder: BINDER_SET_CONTEXT_MGR already set [ 46.288154] binder: undelivered TRANSACTION_ERROR: 29189 executing program executing program executing program executing program [ 46.288166] binder_alloc: 7740: binder_alloc_buf, no vma [ 46.293868] binder: undelivered TRANSACTION_ERROR: 29189 [ 46.299596] binder: 7744:7745 ioctl 40046207 0 returned -16 [ 46.310564] binder: 7737:7738 ioctl 40046207 0 returned -16 [ 46.318344] binder: 7740:7742 transaction failed 29189/-3, size 0-32 line 3147 [ 46.318534] binder: BINDER_SET_CONTEXT_MGR already set [ 46.333556] binder: BINDER_SET_CONTEXT_MGR already set [ 46.339047] binder: 7746:7752 ioctl 40046207 0 returned -16 [ 46.340009] binder: BINDER_SET_CONTEXT_MGR already set [ 46.344842] binder: 7747:7750 ioctl 40046207 0 returned -16 [ 46.361800] binder: 7737:7741 ioctl 40046207 0 returned -16 [ 46.361891] binder: BINDER_SET_CONTEXT_MGR already set [ 46.373121] binder: BINDER_SET_CONTEXT_MGR already set [ 46.378664] binder: 7744:7753 ioctl 40046207 0 
returned -16 [ 46.378758] binder: undelivered TRANSACTION_ERROR: 29189 [ 46.384420] binder: BINDER_SET_CONTEXT_MGR already set [ 46.384445] binder: 7746:7756 ioctl 40046207 0 returned -16 [ 46.391741] binder: undelivered TRANSACTION_ERROR: 29189 [ 46.396219] ------------[ cut here ]------------ [ 46.401392] binder: BINDER_SET_CONTEXT_MGR already set [ 46.406586] kernel BUG at drivers/android/binder_alloc.c:1141! [ 46.407484] binder: 7748:7751 ioctl 40046207 0 returned -16 [ 46.412630] ------------[ cut here ]------------ [ 46.417242] ------------[ cut here ]------------ [ 46.422719] kernel BUG at drivers/android/binder_alloc.c:1141! [ 46.428415] kernel BUG at drivers/android/binder_alloc.c:1141! [ 46.434368] ------------[ cut here ]------------ [ 46.440742] binder: BINDER_SET_CONTEXT_MGR already set [ 46.443856] kernel BUG at drivers/android/binder_alloc.c:1141! [ 46.447091] binder: 7747:7757 ioctl 40046207 0 returned -16 [ 46.453363] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 46.477039] CPU: 0 PID: 7752 Comm: syz-executor473 Not tainted 5.0.0+ #10 [ 46.483958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.493325] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 46.499119] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51 [ 46.518103] RSP: 0018:ffff888087b07550 EFLAGS: 00010293 [ 46.523465] RAX: ffff88809fa62180 RBX: 0000000020001000 RCX: ffffffff8545d12c [ 46.530734] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006 [ 46.537998] RBP: ffff888087b075d0 R08: ffff88809fa62180 R09: 0000000000000028 [ 46.545265] R10: ffffed1010f60f01 R11: ffff888087b0780f R12: 0000000000000020 [ 46.552532] R13: 0000000000000028 R14: ffff88809f19b450 R15: 0000000000000000 [ 46.559801] FS: 00007f673a52b700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 46.568026] 
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.573899] CR2: 0000000000000000 CR3: 0000000088dff000 CR4: 00000000001406f0 [ 46.581165] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 46.588434] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 46.595699] Call Trace: [ 46.598293] ? memcpy+0x46/0x50 [ 46.601579] binder_alloc_copy_from_buffer+0x37/0x42 [ 46.606679] binder_get_object+0xc3/0x200 [ 46.610824] binder_transaction+0x2b4a/0x6690 [ 46.615341] ? binder_thread_read+0x3d20/0x3d20 [ 46.620028] ? __lock_acquire+0x548/0x3fb0 [ 46.624272] ? __might_fault+0x12b/0x1e0 [ 46.628333] ? lock_downgrade+0x880/0x880 [ 46.632485] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 46.638026] ? _copy_from_user+0xdd/0x150 [ 46.642180] binder_thread_write+0x64a/0x2820 [ 46.646686] ? binder_transaction+0x6690/0x6690 [ 46.651355] ? __might_fault+0x12b/0x1e0 [ 46.655430] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 46.660971] ? _copy_from_user+0xdd/0x150 [ 46.665121] binder_ioctl+0x1033/0x183b [ 46.669101] ? binder_thread_write+0x2820/0x2820 [ 46.673869] ? __lock_acquire+0x548/0x3fb0 [ 46.678103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.683638] ? smack_log+0x415/0x540 [ 46.687352] ? smk_access_entry+0x1c0/0x1c0 [ 46.691675] ? __fget+0x340/0x540 [ 46.695126] ? smk_access+0x40d/0x570 [ 46.698929] ? smk_tskacc+0x2ba/0x390 [ 46.702738] ? binder_thread_write+0x2820/0x2820 [ 46.707502] do_vfs_ioctl+0xd6e/0x1390 [ 46.711419] ? smk_curacc+0x7f/0xa0 [ 46.715042] ? ioctl_preallocate+0x210/0x210 [ 46.719445] ? smack_file_ioctl+0x196/0x300 [ 46.723762] ? smack_file_lock+0x240/0x240 [ 46.727995] ? __fget+0x367/0x540 [ 46.731453] ? __x64_sys_futex+0x404/0x590 [ 46.735690] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.741225] ? 
security_file_ioctl+0x93/0xc0 [ 46.745631] ksys_ioctl+0xab/0xd0 [ 46.749088] __x64_sys_ioctl+0x73/0xb0 [ 46.752978] do_syscall_64+0x103/0x610 [ 46.756882] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.762071] RIP: 0033:0x44aa09 [ 46.765264] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 46.784193] RSP: 002b:00007f673a52ace8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 46.791906] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09 [ 46.799195] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004 [ 46.806935] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000 [ 46.814200] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c [ 46.821469] R13: 00007fffd7d757ef R14: 00007f673a52b9c0 R15: 0000000000000000 [ 46.828743] Modules linked in: [ 46.831955] invalid opcode: 0000 [#2] PREEMPT SMP KASAN [ 46.837346] CPU: 1 PID: 7745 Comm: syz-executor473 Tainted: G D 5.0.0+ #10 [ 46.838774] binder: 7754:7759 ioctl 40046207 0 returned -16 [ 46.845679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.845705] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 46.845719] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51 [ 46.845730] RSP: 0018:ffff88809cd5f550 EFLAGS: 00010293 [ 46.890835] RAX: ffff88809eac0700 RBX: 0000000020001060 RCX: ffffffff8545d12c [ 46.898112] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006 [ 46.905397] RBP: ffff88809cd5f5d0 R08: ffff88809eac0700 R09: 0000000000000028 [ 46.912681] R10: ffffed10139abf01 R11: ffff88809cd5f80f R12: 0000000000000020 [ 46.919964] R13: 0000000000000028 R14: ffff88809f19b450 R15: 0000000000000000 [ 46.927250] FS: 
00007f673a52b700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 46.935937] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.941824] CR2: 00007f673a4e8db8 CR3: 0000000096855000 CR4: 00000000001406e0 [ 46.949112] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 46.956394] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 46.963692] Call Trace: [ 46.966300] ? memcpy+0x46/0x50 [ 46.969604] binder_alloc_copy_from_buffer+0x37/0x42 [ 46.974714] binder_get_object+0xc3/0x200 [ 46.978880] binder_transaction+0x2b4a/0x6690 [ 46.983426] ? binder_thread_read+0x3d20/0x3d20 [ 46.988101] ? __lock_acquire+0x548/0x3fb0 [ 46.992377] ? __might_fault+0x12b/0x1e0 [ 46.996456] ? lock_downgrade+0x880/0x880 [ 47.000622] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.006193] ? _copy_from_user+0xdd/0x150 [ 47.010361] binder_thread_write+0x64a/0x2820 [ 47.014869] ? binder_transaction+0x6690/0x6690 [ 47.019537] ? __might_fault+0x12b/0x1e0 [ 47.023613] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.029154] ? _copy_from_user+0xdd/0x150 [ 47.033311] binder_ioctl+0x1033/0x183b [ 47.037294] ? binder_thread_write+0x2820/0x2820 [ 47.042057] ? __lock_acquire+0x548/0x3fb0 [ 47.046301] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.051856] ? smack_log+0x415/0x540 [ 47.055576] ? smk_access_entry+0x1c0/0x1c0 [ 47.059902] ? __fget+0x340/0x540 [ 47.063360] ? smk_access+0x40d/0x570 [ 47.067169] ? smk_tskacc+0x2ba/0x390 [ 47.070981] ? binder_thread_write+0x2820/0x2820 [ 47.075748] do_vfs_ioctl+0xd6e/0x1390 [ 47.079642] ? smk_curacc+0x7f/0xa0 [ 47.083281] ? ioctl_preallocate+0x210/0x210 [ 47.087691] ? smack_file_ioctl+0x196/0x300 [ 47.092019] ? smack_file_lock+0x240/0x240 [ 47.096256] ? __fget+0x367/0x540 [ 47.099724] ? __x64_sys_futex+0x404/0x590 [ 47.103962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.109514] ? 
security_file_ioctl+0x93/0xc0 [ 47.113931] ksys_ioctl+0xab/0xd0 [ 47.117394] __x64_sys_ioctl+0x73/0xb0 [ 47.121289] do_syscall_64+0x103/0x610 [ 47.125183] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.130376] RIP: 0033:0x44aa09 [ 47.133569] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 47.152474] RSP: 002b:00007f673a52ace8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 47.160187] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09 [ 47.167461] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000005 [ 47.174753] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000 [ 47.182031] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c [ 47.189301] R13: 00007fffd7d757ef R14: 00007f673a52b9c0 R15: 0000000000000000 [ 47.196595] Modules linked in: [ 47.199820] invalid opcode: 0000 [#3] PREEMPT SMP KASAN [ 47.201326] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.205230] CPU: 0 PID: 7750 Comm: syz-executor473 Tainted: G D 5.0.0+ #10 [ 47.217228] binder_alloc: 7754: binder_alloc_buf, no vma [ 47.218971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.218997] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 47.219012] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51 [ 47.258615] RSP: 0018:ffff8880873f7550 EFLAGS: 00010293 [ 47.263990] RAX: ffff8880891a0100 RBX: 0000000020001040 RCX: ffffffff8545d12c [ 47.271270] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006 [ 47.278550] RBP: ffff8880873f75d0 R08: ffff8880891a0100 R09: 0000000000000028 [ 47.285836] R10: ffffed1010e7ef01 R11: ffff8880873f780f R12: 0000000000000020 [ 47.293112] R13: 0000000000000028 R14: 
ffff88809f19b450 R15: 0000000000000000 [ 47.300405] FS: 00007f673a52b700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 47.308636] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.314520] CR2: 0000000000000000 CR3: 00000000a4954000 CR4: 00000000001406f0 [ 47.321794] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.329082] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.337055] Call Trace: [ 47.339671] ? memcpy+0x46/0x50 [ 47.343010] binder_alloc_copy_from_buffer+0x37/0x42 [ 47.348133] binder_get_object+0xc3/0x200 [ 47.352287] binder_transaction+0x2b4a/0x6690 [ 47.356795] ? binder_thread_read+0x3d20/0x3d20 [ 47.361466] ? __lock_acquire+0x548/0x3fb0 [ 47.365715] ? __might_fault+0x12b/0x1e0 [ 47.369790] ? lock_downgrade+0x880/0x880 [ 47.373962] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.379515] ? _copy_from_user+0xdd/0x150 [ 47.383674] binder_thread_write+0x64a/0x2820 [ 47.388181] ? binder_transaction+0x6690/0x6690 [ 47.392869] ? __might_fault+0x12b/0x1e0 [ 47.396952] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.402497] ? _copy_from_user+0xdd/0x150 [ 47.406657] binder_ioctl+0x1033/0x183b [ 47.410642] ? binder_thread_write+0x2820/0x2820 [ 47.415408] ? __lock_acquire+0x548/0x3fb0 [ 47.419668] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.425204] ? smack_log+0x415/0x540 [ 47.428922] ? smk_access_entry+0x1c0/0x1c0 [ 47.433248] ? __fget+0x340/0x540 [ 47.436705] ? smk_access+0x40d/0x570 [ 47.440513] ? smk_tskacc+0x2ba/0x390 [ 47.444318] ? binder_thread_write+0x2820/0x2820 [ 47.449076] do_vfs_ioctl+0xd6e/0x1390 [ 47.452967] ? smk_curacc+0x7f/0xa0 [ 47.456595] ? ioctl_preallocate+0x210/0x210 [ 47.461002] ? smack_file_ioctl+0x196/0x300 [ 47.465321] ? smack_file_lock+0x240/0x240 [ 47.469558] ? __fget+0x367/0x540 [ 47.473024] ? __x64_sys_futex+0x404/0x590 [ 47.477266] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.482806] ? 
security_file_ioctl+0x93/0xc0 [ 47.487223] ksys_ioctl+0xab/0xd0 [ 47.490683] __x64_sys_ioctl+0x73/0xb0 [ 47.494576] do_syscall_64+0x103/0x610 [ 47.498468] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.503657] RIP: 0033:0x44aa09 [ 47.506860] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 47.525880] RSP: 002b:00007f673a52ace8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 47.533599] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09 [ 47.540874] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004 [ 47.548146] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000 [ 47.555424] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c [ 47.562705] R13: 00007fffd7d757ef R14: 00007f673a52b9c0 R15: 0000000000000000 [ 47.569983] Modules linked in: [ 47.573285] invalid opcode: 0000 [#4] PREEMPT SMP KASAN [ 47.573595] binder: BINDER_SET_CONTEXT_MGR already set [ 47.578666] CPU: 1 PID: 7738 Comm: syz-executor473 Tainted: G D 5.0.0+ #10 [ 47.578673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.578697] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 47.578713] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51 [ 47.585705] binder: 7748:7760 ioctl 40046207 0 returned -16 [ 47.592298] RSP: 0018:ffff88809b8bf550 EFLAGS: 00010293 [ 47.592310] RAX: ffff888083396540 RBX: 0000000020001020 RCX: ffffffff8545d12c [ 47.592316] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006 [ 47.592324] RBP: ffff88809b8bf5d0 R08: ffff888083396540 R09: 0000000000000028 [ 47.592332] R10: ffffed1013717f01 R11: ffff88809b8bf80f R12: 0000000000000020 [ 47.592339] R13: 0000000000000028 R14: 
ffff88809f19b450 R15: 0000000000000000 [ 47.592349] FS: 00007f673a52b700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 47.592362] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.592370] CR2: 00007f673a4e8db8 CR3: 00000000a0feb000 CR4: 00000000001406e0 [ 47.592380] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.592387] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.592397] Call Trace: [ 47.601964] ---[ end trace 6f32f0a148d7403b ]--- [ 47.607557] ? memcpy+0x46/0x50 [ 47.607579] binder_alloc_copy_from_buffer+0x37/0x42 [ 47.607594] binder_get_object+0xc3/0x200 [ 47.607609] binder_transaction+0x2b4a/0x6690 [ 47.626700] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 47.632233] ? binder_thread_read+0x3d20/0x3d20 [ 47.632248] ? __lock_acquire+0x548/0x3fb0 [ 47.632270] ? __might_fault+0x12b/0x1e0 executing program [ 47.632285] ? lock_downgrade+0x880/0x880 [ 47.637766] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51 [ 47.644919] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.644936] ? _copy_from_user+0xdd/0x150 [ 47.644954] binder_thread_write+0x64a/0x2820 [ 47.652351] RSP: 0018:ffff888087b07550 EFLAGS: 00010293 [ 47.659497] ? binder_transaction+0x6690/0x6690 [ 47.659513] ? __might_fault+0x12b/0x1e0 [ 47.659538] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.659553] ? _copy_from_user+0xdd/0x150 [ 47.659569] binder_ioctl+0x1033/0x183b [ 47.666959] RAX: ffff88809fa62180 RBX: 0000000020001000 RCX: ffffffff8545d12c [ 47.674119] ? binder_thread_write+0x2820/0x2820 [ 47.674133] ? __lock_acquire+0x548/0x3fb0 [ 47.674149] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.674162] ? smack_log+0x415/0x540 [ 47.674176] ? smk_access_entry+0x1c0/0x1c0 [ 47.674192] ? 
__fget+0x340/0x540 [ 47.682587] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006 [ 47.688308] ? smk_access+0x40d/0x570 [ 47.688325] ? smk_tskacc+0x2ba/0x390 [ 47.688339] ? binder_thread_write+0x2820/0x2820 [ 47.688361] do_vfs_ioctl+0xd6e/0x1390 [ 47.688376] ? smk_curacc+0x7f/0xa0 [ 47.695734] RBP: ffff888087b075d0 R08: ffff88809fa62180 R09: 0000000000000028 [ 47.702916] ? ioctl_preallocate+0x210/0x210 [ 47.702930] ? smack_file_ioctl+0x196/0x300 [ 47.702940] ? smack_file_lock+0x240/0x240 [ 47.702951] ? __fget+0x367/0x540 [ 47.702971] ? __x64_sys_futex+0x404/0x590 [ 47.702986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.703000] ? security_file_ioctl+0x93/0xc0 [ 47.703013] ksys_ioctl+0xab/0xd0 [ 47.703027] __x64_sys_ioctl+0x73/0xb0 [ 47.710411] R10: ffffed1010f60f01 R11: ffff888087b0780f R12: 0000000000000020 [ 47.712874] do_syscall_64+0x103/0x610 [ 47.712894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.712907] RIP: 0033:0x44aa09 [ 47.717754] R13: 0000000000000028 R14: ffff88809f19b450 R15: 0000000000000000 [ 47.720921] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 47.720928] RSP: 002b:00007f673a52ace8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 47.720942] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09 [ 47.720949] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000005 [ 47.720961] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000 [ 47.726135] FS: 00007f673a52b700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 47.730185] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c [ 47.730193] R13: 00007fffd7d757ef R14: 00007f673a52b9c0 R15: 0000000000000000 [ 47.730206] Modules linked in: [ 47.736047] binder: 7754:7755 transaction failed 29189/-3, size 0-32 line 3147 [ 47.740677] binder_alloc: 7754: binder_alloc_buf, no vma [ 
47.746548] ---[ end trace 6f32f0a148d7403c ]--- [ 47.749967] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.754311] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 47.759863] binder: 7748:7751 transaction failed 29189/-3, size 0-32 line 3147 [ 47.777925] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51 [ 47.782597] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.786845] RSP: 0018:ffff888087b07550 EFLAGS: 00010293 [ 47.794442] binder: BINDER_SET_CONTEXT_MGR already set [ 47.797592] RAX: ffff88809fa62180 RBX: 0000000020001000 RCX: ffffffff8545d12c [ 47.801493] CR2: 0000000000000000 CR3: 0000000088dff000 CR4: 00000000001406f0 [ 47.805952] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006 [ 47.811497] binder: 7761:7763 ioctl 40046207 0 returned -16 [ 47.811597] binder_alloc: 7761: binder_alloc_buf, no vma [ 47.816182] RBP: ffff888087b075d0 R08: ffff88809fa62180 R09: 0000000000000028 [ 47.819843] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.827541] R10: ffffed1010f60f01 R11: ffff888087b0780f R12: 0000000000000020 [ 47.832222] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.838957] R13: 0000000000000028 R14: ffff88809f19b450 R15: 0000000000000000 [ 47.843650] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.848868] FS: 00007f673a52b700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 47.849787] Kernel panic - not syncing: Fatal exception [ 47.856201] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.861291] Kernel Offset: disabled [ 48.196138] Rebooting in 86400 seconds..