[ 35.080248] audit: type=1800 audit(1551965060.815:30): pid=7347 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.254' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 47.036026] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.042994] binder: 7503:7513 ioctl 40046207 0 returned -16
[ 47.043350] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.054432] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.056631] binder: 7506:7518 ioctl 40046207 0 returned -16
[ 47.059753] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.059779] binder: 7510:7515 ioctl 40046207 0 returned -16
[ 47.060320] binder: 7512:7517 ioctl 40046207 0 returned -16
[ 47.065662] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.065682] binder: 7508:7514 ioctl 40046207 0 returned -16
[ 47.066602] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.099521] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.104913] binder: 7511:7516 ioctl 40046207 0 returned -16
[ 47.105095] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.110653] binder: 7503:7519 ioctl 40046207 0 returned -16
[ 47.122144] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.123217] binder: 7510:7520 ioctl 40046207 0 returned -16
[ 47.128889] binder_alloc: 7506: binder_alloc_buf, no vma
[ 47.133565] binder: 7512:7522 ioctl 40046207 0 returned -16
[ 47.138962] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.145099] binder: 7506:7509 transaction failed 29189/-3, size 0-32 line 3147
[ 47.150313] binder_alloc: 7506: binder_alloc_buf, no vma
[ 47.157484] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.163048] binder: 7503:7513 transaction failed 29189/-3, size 0-32 line 3147
[ 47.168896] binder: 7508:7521 ioctl 40046207 0 returned -16
executing program
executing program
[ 47.186008] binder: 7511:7524 ioctl 40046207 0 returned -16
[ 47.186043] binder_alloc: 7506: binder_alloc_buf, no vma
[ 47.200891] binder: undelivered TRANSACTION_ERROR: 29189
[ 47.203491] binder: 7510:7515 transaction failed 29189/-3, size 0-32 line 3147
[ 47.206965] binder_alloc: 7506: binder_alloc_buf, no vma
[ 47.217880] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.225148] binder: 7525:7526 ioctl 40046207 0 returned -16
[ 47.225740] binder: undelivered TRANSACTION_ERROR: 29189
executing program
executing program
[ 47.232374] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.241071] binder_alloc: 7506: binder_alloc_buf, no vma
[ 47.242554] binder: 7525:7528 ioctl 40046207 0 returned -16
[ 47.247697] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.258825] binder: 7508:7514 transaction failed 29189/-3, size 0-32 line 3147
[ 47.264789] binder: 7512:7517 transaction failed 29189/-3, size 0-32 line 3147
[ 47.266352] binder_alloc: 7506: binder_alloc_buf, no vma
[ 47.279560] binder: 7511:7516 transaction failed 29189/-3, size 0-32 line 3147
executing program
executing program
[ 47.290027] binder: 7527:7529 ioctl 40046207 0 returned -16
[ 47.290079] binder_alloc: 7506: binder_alloc_buf, no vma
[ 47.296421] binder: undelivered TRANSACTION_ERROR: 29189
[ 47.301600] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.308334] binder: 7525:7526 transaction failed 29189/-3, size 0-32 line 3147
[ 47.314109] binder: 7532:7533 ioctl 40046207 0 returned -16
[ 47.321056] binder: undelivered TRANSACTION_ERROR: 29189
[ 47.326184] binder: BINDER_SET_CONTEXT_MGR already set
executing program
[ 47.339818] binder: 7530:7531 ioctl 40046207 0 returned -16
[ 47.339908] binder: undelivered TRANSACTION_ERROR: 29189
[ 47.346662] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.356949] binder: 7530:7541 ioctl 40046207 0 returned -16
[ 47.357076] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.368208] binder: 7527:7536 ioctl 40046207 0 returned -16
[ 47.368299] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.379345] binder: 7535:7539 ioctl 40046207 0 returned -16
executing program
[ 47.379357] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.391497] binder_alloc: 7506: binder_alloc_buf, no vma
[ 47.391901] binder: undelivered TRANSACTION_ERROR: 29189
[ 47.397095] binder: 7530:7531 transaction failed 29189/-3, size 0-32 line 3147
[ 47.404484] binder_alloc: 7506: binder_alloc_buf, no vma
[ 47.410036] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.420846] binder: 7537:7540 ioctl 40046207 0 returned -16
[ 47.421436] binder: 7532:7538 ioctl 40046207 0 returned -16
[ 47.427185] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.438502] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.440546] binder: 7527:7529 transaction failed 29189/-3, size 0-32 line 3147
[ 47.444048] binder_alloc: 7506: binder_alloc_buf, no vma
[ 47.452228] binder: undelivered TRANSACTION_ERROR: 29189
[ 47.457270] binder: 7535:7545 ioctl 40046207 0 returned -16
[ 47.463110] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.468783] binder: 7542:7544 ioctl 40046207 0 returned -16
[ 47.474105] binder: undelivered TRANSACTION_ERROR: 29189
[ 47.480381] binder: BINDER_SET_CONTEXT_MGR already set
executing program
executing program
executing program
[ 47.485926] binder: 7547:7549 ioctl 40046207 0 returned -16
[ 47.490851] binder: 7535:7539 transaction failed 29189/-3, size 0-32 line 3147
[ 47.497238] binder: 7537:7550 ioctl 40046207 0 returned -16
[ 47.504554] binder: undelivered TRANSACTION_ERROR: 29189
[ 47.510479] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.521282] ------------[ cut here ]------------
[ 47.523428] binder: undelivered TRANSACTION_ERROR: 29189
[ 47.526050] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 47.527416] binder: 7542:7548 ioctl 40046207 0 returned -16
[ 47.541891] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.549527] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 47.550360] binder: 7552:7555 ioctl 40046207 0 returned -16
[ 47.554904] CPU: 0 PID: 7551 Comm: syz-executor486 Not tainted 5.0.0+ #10
[ 47.554910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.554931] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 47.554943] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[ 47.554949] RSP: 0018:ffff88808f0ef550 EFLAGS: 00010293
[ 47.554959] RAX: ffff88808fe7c700 RBX: 0000000020001000 RCX: ffffffff8545d12c
[ 47.554965] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[ 47.554974] RBP: ffff88808f0ef5d0 R08: ffff88808fe7c700 R09: 0000000000000028
[ 47.560748] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.567596] R10: ffffed1011e1df01 R11: ffff88808f0ef80f R12: 0000000000000020
[ 47.567604] R13: 0000000000000028 R14: ffff8880903978d0 R15: 0000000000000000
[ 47.567614] FS: 00007fd49cd48700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 47.567621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.567628] CR2: 00007ffd0eb07fc0 CR3: 0000000095147000 CR4: 00000000001406f0
[ 47.567637] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 47.567644] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 47.567650] Call Trace:
[ 47.577443] ------------[ cut here ]------------
[ 47.582792] ? memcpy+0x46/0x50
[ 47.601667] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 47.602508] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.607040] binder_alloc_copy_from_buffer+0x37/0x42
[ 47.607052] binder_get_object+0xc3/0x200
[ 47.607065] binder_transaction+0x2b4a/0x6690
[ 47.607083] ? binder_thread_read+0x3d20/0x3d20
[ 47.607094] ? __lock_acquire+0x548/0x3fb0
[ 47.607112] ? __might_fault+0x12b/0x1e0
[ 47.614512] binder: 7554:7557 ioctl 40046207 0 returned -16
[ 47.621667] ? lock_downgrade+0x880/0x880
[ 47.621688] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 47.621704] ? _copy_from_user+0xdd/0x150
[ 47.629074] binder: 7553:7556 ioctl 40046207 0 returned -16
[ 47.634229] binder_thread_write+0x64a/0x2820
[ 47.634248] ? binder_transaction+0x6690/0x6690
[ 47.634264] ? __might_fault+0x12b/0x1e0
[ 47.771252] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 47.776778] ? _copy_from_user+0xdd/0x150
[ 47.780922] binder_ioctl+0x1033/0x183b
[ 47.784888] ? binder_thread_write+0x2820/0x2820
[ 47.789627] ? __lock_acquire+0x548/0x3fb0
[ 47.793846] ? do_futex+0x178/0x1d50
[ 47.797550] ? __fget+0x340/0x540
[ 47.801012] ? binder_thread_write+0x2820/0x2820
[ 47.805754] do_vfs_ioctl+0xd6e/0x1390
[ 47.809628] ? ioctl_preallocate+0x210/0x210
[ 47.814021] ? __fget+0x367/0x540
[ 47.817476] ? ksys_dup3+0x3e0/0x3e0
[ 47.821179] ? __x64_sys_futex+0x404/0x590
[ 47.825419] ? security_file_ioctl+0x93/0xc0
[ 47.829813] ksys_ioctl+0xab/0xd0
[ 47.833251] __x64_sys_ioctl+0x73/0xb0
[ 47.837126] do_syscall_64+0x103/0x610
[ 47.841000] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.846173] RIP: 0033:0x44aa09
[ 47.849349] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 47.868255] RSP: 002b:00007fd49cd47ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 47.875961] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 000000000044aa09
[ 47.883216] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004
[ 47.890469] RBP: 00000000006dbc30 R08: 0000000000000000 R09: 0000000000000000
[ 47.897725] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc3c
[ 47.904990] R13: 00007ffd0eb07f2f R14: 00007fd49cd489c0 R15: 0000000000000004
[ 47.912250] Modules linked in:
[ 47.915444] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[ 47.916584] ------------[ cut here ]------------
[ 47.920815] CPU: 1 PID: 7540 Comm: syz-executor486 Tainted: G D 5.0.0+ #10
[ 47.925546] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 47.933856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.949236] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 47.955019] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[ 47.973919] RSP: 0018:ffff88808d19f550 EFLAGS: 00010293
[ 47.979285] RAX: ffff8880904c4380 RBX: 0000000020001020 RCX: ffffffff8545d12c
[ 47.986577] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[ 47.993830] RBP: ffff88808d19f5d0 R08: ffff8880904c4380 R09: 0000000000000028
[ 48.001096] R10: ffffed1011a33f01 R11: ffff88808d19f80f R12: 0000000000000020
[ 48.008358] R13: 0000000000000028 R14: ffff8880903978d0 R15: 0000000000000000
[ 48.015629] FS: 00007fd49cd69700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 48.023856] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 48.029722] CR2: 00007fd49cd47db8 CR3: 0000000090e57000 CR4: 00000000001406e0
[ 48.036976] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 48.044244] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 48.051496] Call Trace:
[ 48.054075] ? memcpy+0x46/0x50
[ 48.057445] binder_alloc_copy_from_buffer+0x37/0x42
[ 48.062546] binder_get_object+0xc3/0x200
[ 48.066693] binder_transaction+0x2b4a/0x6690
[ 48.071180] ? binder_thread_read+0x3d20/0x3d20
[ 48.075837] ? __lock_acquire+0x548/0x3fb0
[ 48.080062] ? __might_fault+0x12b/0x1e0
[ 48.084108] ? lock_downgrade+0x880/0x880
[ 48.088259] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 48.093796] ? _copy_from_user+0xdd/0x150
[ 48.097932] binder_thread_write+0x64a/0x2820
[ 48.102420] ? binder_transaction+0x6690/0x6690
[ 48.107070] ? __might_fault+0x12b/0x1e0
[ 48.111125] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 48.116646] ? _copy_from_user+0xdd/0x150
[ 48.120782] binder_ioctl+0x1033/0x183b
[ 48.124743] ? binder_thread_write+0x2820/0x2820
[ 48.129483] ? __lock_acquire+0x548/0x3fb0
[ 48.133709] ? do_futex+0x178/0x1d50
[ 48.137412] ? __fget+0x340/0x540
[ 48.140855] ? binder_thread_write+0x2820/0x2820
[ 48.145600] do_vfs_ioctl+0xd6e/0x1390
[ 48.149476] ? ioctl_preallocate+0x210/0x210
[ 48.153878] ? __fget+0x367/0x540
[ 48.157318] ? ksys_dup3+0x3e0/0x3e0
[ 48.161041] ? __x64_sys_futex+0x404/0x590
[ 48.165269] ? security_file_ioctl+0x93/0xc0
[ 48.169663] ksys_ioctl+0xab/0xd0
[ 48.173108] __x64_sys_ioctl+0x73/0xb0
[ 48.176986] do_syscall_64+0x103/0x610
[ 48.180863] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.186038] RIP: 0033:0x44aa09
[ 48.189219] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 48.208103] RSP: 002b:00007fd49cd68ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 48.215793] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09
[ 48.223398] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000005
[ 48.230652] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 48.237908] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 48.245158] R13: 00007ffd0eb07f2f R14: 00007fd49cd699c0 R15: 0000000000000000
[ 48.252419] Modules linked in:
[ 48.255619] invalid opcode: 0000 [#3] PREEMPT SMP KASAN
[ 48.257966] ---[ end trace 64d35be003104f7c ]---
[ 48.260989] CPU: 0 PID: 7544 Comm: syz-executor486 Tainted: G D 5.0.0+ #10
[ 48.260996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.261016] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 48.261029] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[ 48.266526] binder: BINDER_SET_CONTEXT_MGR already set
[ 48.274055] RSP: 0018:ffff88808cf97550 EFLAGS: 00010293
[ 48.274067] RAX: ffff8880864e8440 RBX: 0000000020001040 RCX: ffffffff8545d12c
[ 48.274074] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[ 48.274083] RBP: ffff88808cf975d0 R08: ffff8880864e8440 R09: 0000000000000028
[ 48.283744] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 48.289198] R10: ffffed10119f2f01 R11: ffff88808cf9780f R12: 0000000000000020
[ 48.289204] R13: 0000000000000028 R14: ffff8880903978d0 R15: 0000000000000000
[ 48.289214] FS: 00007fd49cd69700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 48.289222] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 48.289229] CR2: 00007ffd0eb07fc0 CR3: 000000009f0fc000 CR4: 00000000001406f0
[ 48.289240] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 48.308727] binder_alloc: binder_alloc_mmap_handler: 7552 20001000-20004000 already mapped failed -16
[ 48.313541] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 48.313546] Call Trace:
[ 48.313567] ? memcpy+0x46/0x50
[ 48.313599] binder_alloc_copy_from_buffer+0x37/0x42
[ 48.319125] binder: BINDER_SET_CONTEXT_MGR already set
[ 48.326192] binder_get_object+0xc3/0x200
[ 48.326207] binder_transaction+0x2b4a/0x6690
[ 48.326228] ? binder_thread_read+0x3d20/0x3d20
[ 48.326243] ? mark_held_locks+0xf0/0xf0
[ 48.326256] ? mark_held_locks+0xf0/0xf0
[ 48.333582] binder: 7553:7560 ioctl 40046207 0 returned -16
[ 48.340776] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 48.340790] ? binder_get_thread+0x1db/0x7c0
[ 48.340804] ? lock_downgrade+0x880/0x880
[ 48.340815] ? __might_fault+0xfb/0x1e0
[ 48.340833] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 48.347053] ------------[ cut here ]------------
[ 48.353863] ? _copy_from_user+0xdd/0x150
[ 48.361104] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 48.369323] binder_thread_write+0x64a/0x2820
[ 48.375684] ------------[ cut here ]------------
[ 48.382453] ? binder_transaction+0x6690/0x6690
[ 48.390202] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 48.390727] binder: 7554:7559 ioctl 40046207 0 returned -16
[ 48.399555] ? kasan_check_write+0x14/0x20
[ 48.399571] ? do_raw_spin_lock+0x12a/0x2e0
[ 48.399587] ? __might_fault+0xfb/0x1e0
[ 48.399607] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 48.531459] ? _copy_from_user+0xdd/0x150
[ 48.535606] binder_ioctl+0x1033/0x183b
[ 48.539570] ? binder_thread_write+0x2820/0x2820
[ 48.544329] ? do_futex+0x178/0x1d50
[ 48.548030] ? userfaultfd_unmap_prep+0x4a0/0x4a0
[ 48.552874] ? mark_held_locks+0xf0/0xf0
[ 48.556921] ? exit_robust_list+0x290/0x290
[ 48.561247] ? binder_thread_write+0x2820/0x2820
[ 48.565989] do_vfs_ioctl+0xd6e/0x1390
[ 48.569864] ? ioctl_preallocate+0x210/0x210
[ 48.574271] ? __fget+0x367/0x540
[ 48.577735] ? ksys_dup3+0x3e0/0x3e0
[ 48.581454] ? __x64_sys_futex+0x404/0x590
[ 48.585678] ? security_file_ioctl+0x93/0xc0
[ 48.590075] ksys_ioctl+0xab/0xd0
[ 48.593516] __x64_sys_ioctl+0x73/0xb0
[ 48.597401] do_syscall_64+0x103/0x610
[ 48.601276] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.606470] RIP: 0033:0x44aa09
[ 48.609665] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 48.628550] RSP: 002b:00007fd49cd68ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 48.636240] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09
[ 48.643593] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004
[ 48.650846] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 48.658099] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 48.665351] R13: 00007ffd0eb07f2f R14: 00007fd49cd699c0 R15: 0000000000000000
[ 48.672620] Modules linked in:
[ 48.675812] invalid opcode: 0000 [#4] PREEMPT SMP KASAN
[ 48.678169] ------------[ cut here ]------------
[ 48.681185] CPU: 1 PID: 7556 Comm: syz-executor486 Tainted: G D 5.0.0+ #10
[ 48.685917] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 48.694212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.700512] binder: BINDER_SET_CONTEXT_MGR already set
[ 48.709523] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 48.709536] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[ 48.709543] RSP: 0018:ffff8880900d7550 EFLAGS: 00010293
[ 48.709553] RAX: ffff888090200100 RBX: 0000000020001080 RCX: ffffffff8545d12c
[ 48.709562] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[ 48.714925] binder: 7552:7561 ioctl 40046207 0 returned -16
[ 48.720606] RBP: ffff8880900d75d0 R08: ffff888090200100 R09: 0000000000000028
[ 48.720615] R10: ffffed101201af01 R11: ffff8880900d780f R12: 0000000000000020
[ 48.720623] R13: 0000000000000028 R14: ffff8880903978d0 R15: 0000000000000000
[ 48.720635] FS: 00007fd49cd69700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 48.720645] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 48.800904] CR2: 00007fd49cd05db8 CR3: 000000008e474000 CR4: 00000000001406e0
[ 48.808183] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 48.815435] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 48.822686] Call Trace:
[ 48.825266] ? memcpy+0x46/0x50
[ 48.828551] binder_alloc_copy_from_buffer+0x37/0x42
[ 48.833654] binder_get_object+0xc3/0x200
[ 48.837788] binder_transaction+0x2b4a/0x6690
[ 48.842302] ? binder_thread_read+0x3d20/0x3d20
[ 48.846962] ? mark_held_locks+0xf0/0xf0
[ 48.851005] ? mark_held_locks+0xf0/0xf0
[ 48.855051] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 48.860164] ? binder_get_thread+0x1db/0x7c0
[ 48.864560] ? lock_downgrade+0x880/0x880
[ 48.868693] ? __might_fault+0xfb/0x1e0
[ 48.872659] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 48.878183] ? _copy_from_user+0xdd/0x150
[ 48.882315] binder_thread_write+0x64a/0x2820
[ 48.886797] ? binder_transaction+0x6690/0x6690
[ 48.891451] ? kasan_check_write+0x14/0x20
[ 48.895670] ? do_raw_spin_lock+0x12a/0x2e0
[ 48.899990] ? __might_fault+0xfb/0x1e0
[ 48.903954] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 48.909508] ? _copy_from_user+0xdd/0x150
[ 48.913648] binder_ioctl+0x1033/0x183b
[ 48.917609] ? binder_thread_write+0x2820/0x2820
[ 48.922354] ? do_futex+0x178/0x1d50
[ 48.926067] ? userfaultfd_unmap_prep+0x4a0/0x4a0
[ 48.930895] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 48.936419] ? mark_held_locks+0xf0/0xf0
[ 48.940467] ? exit_robust_list+0x290/0x290
[ 48.944776] ? binder_thread_write+0x2820/0x2820
[ 48.949518] do_vfs_ioctl+0xd6e/0x1390
[ 48.953392] ? ioctl_preallocate+0x210/0x210
[ 48.957786] ? __fget+0x367/0x540
[ 48.961227] ? ksys_dup3+0x3e0/0x3e0
[ 48.964930] ? __x64_sys_futex+0x404/0x590
[ 48.969156] ? security_file_ioctl+0x93/0xc0
[ 48.973552] ksys_ioctl+0xab/0xd0
[ 48.977001] __x64_sys_ioctl+0x73/0xb0
[ 48.980875] do_syscall_64+0x103/0x610
[ 48.984783] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.989957] RIP: 0033:0x44aa09
[ 48.993134] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 49.012021] RSP: 002b:00007fd49cd68ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 49.019710] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09
[ 49.026966] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004
[ 49.034220] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 49.041473] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 49.048724] R13: 00007ffd0eb07f2f R14: 00007fd49cd699c0 R15: 0000000000000000
[ 49.055988] Modules linked in:
[ 49.059195] invalid opcode: 0000 [#5] PREEMPT SMP KASAN
[ 49.061130] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[ 49.064559] CPU: 0 PID: 7562 Comm: syz-executor486 Tainted: G D 5.0.0+ #10
[ 49.064566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.064587] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 49.064597] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[ 49.064603] RSP: 0018:ffff888090597550 EFLAGS: 00010293
[ 49.064613] RAX: ffff8880901fc280 RBX: 00000000200010a0 RCX: ffffffff8545d12c
[ 49.064618] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[ 49.064624] RBP: ffff8880905975d0 R08: ffff8880901fc280 R09: 0000000000000028
[ 49.064630] R10: ffffed10120b2f01 R11: ffff88809059780f R12: 0000000000000020
[ 49.064641] R13: 0000000000000028 R14: ffff8880903978d0 R15: 0000000000000000
[ 49.167432] FS: 00007fd49cd06700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 49.175644] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.181521] CR2: 00007ffd0eb07fc0 CR3: 0000000090931000 CR4: 00000000001406f0
[ 49.189037] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.196299] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.203671] Call Trace:
[ 49.206260] ? memcpy+0x46/0x50
[ 49.209530] binder_alloc_copy_from_buffer+0x37/0x42
[ 49.214616] binder_get_object+0xc3/0x200
[ 49.218760] binder_transaction+0x2b4a/0x6690
[ 49.223620] ? binder_thread_read+0x3d20/0x3d20
[ 49.228276] ? mark_held_locks+0xf0/0xf0
[ 49.232324] ? mark_held_locks+0xf0/0xf0
[ 49.236374] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 49.241466] ? binder_get_thread+0x1db/0x7c0
[ 49.245858] ? lock_downgrade+0x880/0x880
[ 49.249992] ? __might_fault+0xfb/0x1e0
[ 49.253955] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 49.259495] ? _copy_from_user+0xdd/0x150
[ 49.263628] binder_thread_write+0x64a/0x2820
[ 49.268112] ? binder_transaction+0x6690/0x6690
[ 49.272767] ? kasan_check_write+0x14/0x20
[ 49.276985] ? do_raw_spin_lock+0x12a/0x2e0
[ 49.281308] ? __might_fault+0xfb/0x1e0
[ 49.285270] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 49.290790] ? _copy_from_user+0xdd/0x150
[ 49.294945] binder_ioctl+0x1033/0x183b
[ 49.298910] ? binder_thread_write+0x2820/0x2820
[ 49.303656] ? mark_held_locks+0xf0/0xf0
[ 49.307722] ? binder_thread_write+0x2820/0x2820
[ 49.312463] do_vfs_ioctl+0xd6e/0x1390
[ 49.316337] ? ioctl_preallocate+0x210/0x210
[ 49.320736] ? __fget+0x367/0x540
[ 49.324199] ? ksys_dup3+0x3e0/0x3e0
[ 49.327916] ? security_file_ioctl+0x93/0xc0
[ 49.332311] ksys_ioctl+0xab/0xd0
[ 49.335766] __x64_sys_ioctl+0x73/0xb0
[ 49.339653] do_syscall_64+0x103/0x610
[ 49.343529] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.348701] RIP: 0033:0x44aa09
[ 49.351884] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 49.370769] RSP: 002b:00007fd49cd05ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 49.378462] RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 000000000044aa09
[ 49.385713] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004
[ 49.393382] RBP: 00000000006dbc50 R08: 00007fd49cd06700 R09: 0000000000000000
[ 49.400640] R10: 00007fd49cd06700 R11: 0000000000000246 R12: 00000000006dbc5c
[ 49.407894] R13: 00007ffd0eb07f2f R14: 00007fd49cd069c0 R15: 0000000000000004
[ 49.415153] Modules linked in:
[ 49.418349] invalid opcode: 0000 [#6] PREEMPT SMP KASAN
[ 49.419620] ---[ end trace 64d35be003104f7d ]---
[ 49.423720] CPU: 1 PID: 7557 Comm: syz-executor486 Tainted: G D 5.0.0+ #10
[ 49.423728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.423749] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 49.423761] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[ 49.428621] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 49.436801] RSP: 0018:ffff88808ed47550 EFLAGS: 00010293
[ 49.436812] RAX: ffff8880908a4140 RBX: 0000000020001060 RCX: ffffffff8545d12c
[ 49.436819] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[ 49.436827] RBP: ffff88808ed475d0 R08: ffff8880908a4140 R09: 0000000000000028
[ 49.436833] R10: ffffed1011da8f01 R11: ffff88808ed4780f R12: 0000000000000020
[ 49.436840] R13: 0000000000000028 R14: ffff8880903978d0 R15: 0000000000000000
[ 49.436850] FS: 00007fd49cd69700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 49.436865] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.446632] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[ 49.452180] CR2: 00007fd49cd05db8 CR3: 0000000091ae1000 CR4: 00000000001406e0
[ 49.452191] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.452198] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.452202] Call Trace:
[ 49.452227] ? memcpy+0x46/0x50
[ 49.452246] binder_alloc_copy_from_buffer+0x37/0x42
[ 49.471313] RSP: 0018:ffff88808f0ef550 EFLAGS: 00010293
[ 49.476907] binder_get_object+0xc3/0x200
[ 49.476923] binder_transaction+0x2b4a/0x6690
[ 49.476945] ? binder_thread_read+0x3d20/0x3d20
[ 49.476962] ? mark_held_locks+0xf0/0xf0
[ 49.482438] RAX: ffff88808fe7c700 RBX: 0000000020001000 RCX: ffffffff8545d12c
[ 49.489556] ? mark_held_locks+0xf0/0xf0
[ 49.489571] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 49.489583] ? binder_get_thread+0x1db/0x7c0
[ 49.489595] ? lock_downgrade+0x880/0x880
[ 49.489610] ? __might_fault+0xfb/0x1e0
[ 49.497020] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[ 49.504126] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 49.504141] ? _copy_from_user+0xdd/0x150
[ 49.504156] binder_thread_write+0x64a/0x2820
[ 49.511548] RBP: ffff88808f0ef5d0 R08: ffff88808fe7c700 R09: 0000000000000028
[ 49.518675] ? binder_transaction+0x6690/0x6690
[ 49.518688] ? kasan_check_write+0x14/0x20
[ 49.518702] ? do_raw_spin_lock+0x12a/0x2e0
[ 49.518717] ? __might_fault+0xfb/0x1e0
[ 49.527059] R10: ffffed1011e1df01 R11: ffff88808f0ef80f R12: 0000000000000020
[ 49.532795] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 49.532809] ? _copy_from_user+0xdd/0x150
[ 49.532824] binder_ioctl+0x1033/0x183b
[ 49.551872] R13: 0000000000000028 R14: ffff8880903978d0 R15: 0000000000000000
[ 49.558980] ? binder_thread_write+0x2820/0x2820
[ 49.558997] ? do_futex+0x178/0x1d50
[ 49.559011] ? userfaultfd_unmap_prep+0x4a0/0x4a0
[ 49.559025] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 49.566422] FS: 00007fd49cd48700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 49.573527] ? mark_held_locks+0xf0/0xf0
[ 49.573543] ? exit_robust_list+0x290/0x290
[ 49.573555] ? binder_thread_write+0x2820/0x2820
[ 49.573569] do_vfs_ioctl+0xd6e/0x1390
[ 49.576273] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.579394] ? ioctl_preallocate+0x210/0x210
[ 49.579408] ? __fget+0x367/0x540
[ 49.579420] ? ksys_dup3+0x3e0/0x3e0
[ 49.579434] ? __x64_sys_futex+0x404/0x590
[ 49.584708] CR2: 00007ffd0eb07fc0 CR3: 0000000095147000 CR4: 00000000001406f0
[ 49.589908] ? security_file_ioctl+0x93/0xc0
[ 49.589936] ksys_ioctl+0xab/0xd0
[ 49.589949] __x64_sys_ioctl+0x73/0xb0
[ 49.594140] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.598551] do_syscall_64+0x103/0x610
[ 49.598568] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.598578] RIP: 0033:0x44aa09
[ 49.598589] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 49.598598] RSP: 002b:00007fd49cd68ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 49.603408] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.607454] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09
[ 49.607462] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004
[ 49.607469] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 49.607477] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 49.607485] R13: 00007ffd0eb07f2f R14: 00007fd49cd699c0 R15: 0000000000000000
[ 49.607497] Modules linked in:
[ 49.614901] Kernel panic - not syncing: Fatal exception
[ 49.620996] RSP: 0018:ffff88808f0ef550 EFLAGS: 00010293
[ 49.624959] Kernel Offset: disabled
[ 49.902542] Rebooting in 86400 seconds..