[ 38.078456] audit: type=1800 audit(1551966606.012:32): pid=7634 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 38.755349] audit: type=1800 audit(1551966606.772:33): pid=7634 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 45.562600] kauditd_printk_skb: 2 callbacks suppressed
[ 45.562617] audit: type=1400 audit(1551966613.582:36): avc: denied { map } for pid=7824 comm="syz-executor597" path="/root/syz-executor597189552" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 45.579360] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.604897] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.607910] audit: type=1400 audit(1551966613.602:37): avc: denied { map } for pid=7833 comm="syz-executor597" path="/dev/binder0" dev="devtmpfs" ino=17634 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[ 45.610548] binder: 7833:7835 ioctl 40046207 0 returned -16
[ 45.636368] audit: type=1400 audit(1551966613.602:38): avc: denied { set_context_mgr } for pid=7832 comm="syz-executor597" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[ 45.641811] binder: 7831:7837 ioctl 40046207 0 returned -16
[ 45.664664] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.676762] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.682107] binder: 7836:7839 ioctl 40046207 0 returned -16
[ 45.682110] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.682136] binder: 7838:7841 ioctl 40046207 0 returned -16
[ 45.688544] binder: 7832:7840 ioctl 40046207 0 returned -16
[ 45.693687] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.710438] binder: 7842:7843 ioctl 40046207 0 returned -16
[ 45.711326] binder_alloc: 7832: binder_alloc_buf, no vma
[ 45.722060] audit: type=1400 audit(1551966613.732:39): avc: denied { call } for pid=7832 comm="syz-executor597" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[ 45.722410] binder: 7832:7834 transaction failed 29189/-3, size 0-32 line 3147
[ 45.744726] binder_alloc: 7832: binder_alloc_buf, no vma
[ 45.752205] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.763202] binder: 7831:7837 transaction failed 29189/-3, size 0-32 line 3147
[ 45.764748] binder: 7838:7849 ioctl 40046207 0 returned -16
[ 45.770755] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.782321] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.787677] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.790318] binder: 7833:7850 ioctl 40046207 0 returned -16
[ 45.793109] binder_alloc: 7832: binder_alloc_buf, no vma
[ 45.793142] binder: 7838:7841 transaction failed 29189/-3, size 0-32 line 3147
executing program
executing program
executing program
executing program
[ 45.793206] binder_alloc: 7832: binder_alloc_buf, no vma
[ 45.800575] binder: 7831:7846 ioctl 40046207 0 returned -16
[ 45.806988] binder: 7836:7847 ioctl 40046207 0 returned -16
[ 45.812421] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.826029] binder_alloc: 7832: binder_alloc_buf, no vma
[ 45.830582] binder: undelivered TRANSACTION_ERROR: 29189
[ 45.834303] binder: 7836:7839 transaction failed 29189/-3, size 0-32 line 3147
[ 45.834355] binder: 7833:7835 transaction failed 29189/-3, size 0-32 line 3147
executing program
executing program
[ 45.837532] binder_alloc: 7832: binder_alloc_buf, no vma
[ 45.844915] binder: 7842:7848 ioctl 40046207 0 returned -16
[ 45.850017] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.858981] binder: 7842:7843 transaction failed 29189/-3, size 0-32 line 3147
[ 45.863299] binder: 7851:7853 ioctl 40046207 0 returned -16
[ 45.866981] binder: undelivered TRANSACTION_ERROR: 29189
[ 45.872334] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.900981] binder: 7851:7859 ioctl 40046207 0 returned -16
[ 45.904004] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.913818] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.917400] binder: 7856:7857 ioctl 40046207 0 returned -16
[ 45.919368] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.925337] binder: 7852:7854 ioctl 40046207 0 returned -16
[ 45.930917] binder: 7855:7858 ioctl 40046207 0 returned -16
[ 45.936445] binder: undelivered TRANSACTION_ERROR: 29189
[ 45.941945] binder_alloc: 7832: binder_alloc_buf, no vma
[ 45.949078] binder: undelivered TRANSACTION_ERROR: 29189
[ 45.953381] binder: BINDER_SET_CONTEXT_MGR already set
executing program
[ 45.960236] binder: 7851:7853 transaction failed 29189/-3, size 0-32 line 3147
[ 45.965322] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.972918] binder: 7861:7864 ioctl 40046207 0 returned -16
[ 45.980325] binder: BINDER_SET_CONTEXT_MGR already set
[ 45.986171] binder: 7860:7866 ioctl 40046207 0 returned -16
[ 45.989552] binder: 7856:7867 ioctl 40046207 0 returned -16
[ 45.994456] binder: undelivered TRANSACTION_ERROR: 29189
[ 45.999702] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.010860] binder: 7852:7862 ioctl 40046207 0 returned -16
[ 46.010864] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.010887] binder: 7855:7869 ioctl 40046207 0 returned -16
[ 46.018003] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.033225] binder_alloc: 7832: binder_alloc_buf, no vma
[ 46.033775] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.039118] binder: 7856:7857 transaction failed 29189/-3, size 0-32 line 3147
[ 46.044922] binder: 7861:7864 ioctl 40046207 0 returned -16
[ 46.051784] binder: undelivered TRANSACTION_ERROR: 29189
[ 46.057600] binder: 7871:7872 ioctl 40046207 0 returned -16
[ 46.062919] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.074179] binder_alloc: 7832: binder_alloc_buf, no vma
[ 46.074506] binder: undelivered TRANSACTION_ERROR: 29189
[ 46.081127] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.086995] binder: 7860:7870 ioctl 40046207 0 returned -16
[ 46.090803] binder_alloc: 7832: binder_alloc_buf, no vma
[ 46.099323] binder: undelivered TRANSACTION_ERROR: 29189
[ 46.102127] binder: 7855:7858 transaction failed 29189/-3, size 0-32 line 3147
executing program
executing program
executing program
executing program
executing program
executing program
[ 46.108488] binder: 7871:7873 ioctl 40046207 0 returned -16
[ 46.115008] binder: 7861:7864 transaction failed 29189/-3, size 0-32 line 3147
[ 46.122823] binder: undelivered TRANSACTION_ERROR: 29189
[ 46.139101] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.147841] binder: 7875:7877 ioctl 40046207 0 returned -16
[ 46.147898] binder: undelivered TRANSACTION_ERROR: 29189
[ 46.155047] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.167155] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.168528] binder: 7878:7883 ioctl 40046207 0 returned -16
[ 46.172613] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.179512] binder: 7874:7881 ioctl 40046207 0 returned -16
[ 46.184755] binder: 7879:7885 ioctl 40046207 0 returned -16
[ 46.190504] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.201864] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.203674] binder: 7874:7888 ioctl 40046207 0 returned -16
executing program
[ 46.207937] binder: 7880:7884 ioctl 40046207 0 returned -16
[ 46.213069] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.224118] binder: 7882:7886 ioctl 40046207 0 returned -16
[ 46.224134] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.235640] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.241229] binder: 7878:7887 ioctl 40046207 0 returned -16
[ 46.241657] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.248308] binder: 7879:7889 ioctl 40046207 0 returned -16
[ 46.252940] binder: 7890:7893 ioctl 40046207 0 returned -16
[ 46.258445] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.271218] binder: 7880:7892 ioctl 40046207 0 returned -16
[ 46.272132] ------------[ cut here ]------------
[ 46.277546] ------------[ cut here ]------------
[ 46.281699] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 46.286438] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 46.294175] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.304296] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 46.304402] binder: 7890:7895 ioctl 40046207 0 returned -16
[ 46.309678] CPU: 0 PID: 7885 Comm: syz-executor597 Not tainted 5.0.0+ #10
[ 46.309686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.309712] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 46.309723] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[ 46.309730] RSP: 0018:ffff888097867550 EFLAGS: 00010293
[ 46.361700] RAX: ffff888098ea0480 RBX: 0000000020001020 RCX: ffffffff8545d12c
[ 46.368968] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[ 46.376230] RBP: ffff8880978675d0 R08: ffff888098ea0480 R09: 0000000000000028
[ 46.383516] R10: ffffed1012f0cf01 R11: ffff88809786780f R12: 0000000000000020
[ 46.390782] R13: 0000000000000028 R14: ffff888098e80250 R15: 0000000000000000
[ 46.398049] FS: 00007f2eadeef700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 46.406284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 46.412164] CR2: 00007ffe0f548f30 CR3: 000000009fbee000 CR4: 00000000001406f0
[ 46.419432] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 46.426695] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 46.433955] Call Trace:
[ 46.436550] ? memcpy+0x46/0x50
[ 46.439839] binder_alloc_copy_from_buffer+0x37/0x42
[ 46.444941] binder_get_object+0xc3/0x200
[ 46.449087] binder_transaction+0x2b4a/0x6690
[ 46.453592] ? binder_thread_read+0x3d20/0x3d20
[ 46.458267] ? __lock_acquire+0x548/0x3fb0
[ 46.462515] ? __might_fault+0x12b/0x1e0
[ 46.466576] ? lock_downgrade+0x880/0x880
[ 46.470731] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 46.476275] ? _copy_from_user+0xdd/0x150
[ 46.480425] binder_thread_write+0x64a/0x2820
[ 46.484922] ? binder_transaction+0x6690/0x6690
[ 46.489591] ? __might_fault+0x12b/0x1e0
[ 46.493662] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 46.499195] ? _copy_from_user+0xdd/0x150
[ 46.503344] binder_ioctl+0x1033/0x183b
[ 46.507323] ? binder_thread_write+0x2820/0x2820
[ 46.512075] ? __lock_acquire+0x548/0x3fb0
[ 46.516316] ? do_futex+0x178/0x1d50
[ 46.520039] ? __might_sleep+0x95/0x190
[ 46.524010] ? binder_thread_write+0x2820/0x2820
[ 46.528765] do_vfs_ioctl+0xd6e/0x1390
[ 46.532651] ? selinux_file_ioctl+0x46f/0x5e0
[ 46.537163] ? selinux_file_ioctl+0x125/0x5e0
[ 46.541657] ? ioctl_preallocate+0x210/0x210
[ 46.546059] ? selinux_file_mprotect+0x620/0x620
[ 46.550813] ? ksys_dup3+0x3e0/0x3e0
[ 46.554533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.560069] ? security_file_ioctl+0x93/0xc0
[ 46.564490] ksys_ioctl+0xab/0xd0
[ 46.567960] __x64_sys_ioctl+0x73/0xb0
[ 46.571853] do_syscall_64+0x103/0x610
[ 46.575743] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.580925] RIP: 0033:0x44aa09
[ 46.584116] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 46.603013] RSP: 002b:00007f2eadeeece8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 46.610714] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09
[ 46.617975] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004
[ 46.625236] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 46.632535] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 46.639797] R13: 00007ffe0f548e9f R14: 00007f2eadeef9c0 R15: 0000000000000000
[ 46.647066] Modules linked in:
[ 46.650276] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[ 46.650987] ------------[ cut here ]------------
[ 46.655656] CPU: 1 PID: 7886 Comm: syz-executor597 Tainted: G D 5.0.0+ #10
executing program
executing program
[ 46.660403] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 46.668702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.684009] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 46.689811] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[ 46.708726] RSP: 0018:ffff888096b47550 EFLAGS: 00010293
[ 46.714118] RAX: ffff8880988044c0 RBX: 0000000020001000 RCX: ffffffff8545d12c
[ 46.721384] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[ 46.728649] RBP: ffff888096b475d0 R08: ffff8880988044c0 R09: 0000000000000028
[ 46.735912] R10: ffffed1012d68f01 R11: ffff888096b4780f R12: 0000000000000020
[ 46.743175] R13: 0000000000000028 R14: ffff888098e80250 R15: 0000000000000000
[ 46.750441] FS: 00007f2eadeef700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 46.758663] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 46.764537] CR2: 0000000020000108 CR3: 000000008627f000 CR4: 00000000001406e0
[ 46.771817] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 46.779083] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 46.786341] Call Trace:
[ 46.788932] ? memcpy+0x46/0x50
[ 46.792217] binder_alloc_copy_from_buffer+0x37/0x42
[ 46.797321] binder_get_object+0xc3/0x200
[ 46.801470] binder_transaction+0x2b4a/0x6690
[ 46.805979] ? binder_thread_read+0x3d20/0x3d20
[ 46.810649] ? __lock_acquire+0x548/0x3fb0
[ 46.814890] ? __might_fault+0x12b/0x1e0
[ 46.818948] ? lock_downgrade+0x880/0x880
[ 46.823102] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 46.828635] ? _copy_from_user+0xdd/0x150
[ 46.832781] binder_thread_write+0x64a/0x2820
[ 46.837290] ? binder_transaction+0x6690/0x6690
[ 46.841958] ? __might_fault+0x12b/0x1e0
[ 46.846051] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 46.851587] ? _copy_from_user+0xdd/0x150
[ 46.855732] binder_ioctl+0x1033/0x183b
[ 46.859707] ? binder_thread_write+0x2820/0x2820
[ 46.864461] ? __lock_acquire+0x548/0x3fb0
[ 46.868697] ? do_futex+0x178/0x1d50
[ 46.872415] ? __might_sleep+0x95/0x190
[ 46.876385] ? binder_thread_write+0x2820/0x2820
[ 46.881145] do_vfs_ioctl+0xd6e/0x1390
[ 46.885046] ? selinux_file_ioctl+0x46f/0x5e0
[ 46.889539] ? selinux_file_ioctl+0x125/0x5e0
[ 46.894034] ? ioctl_preallocate+0x210/0x210
[ 46.898441] ? selinux_file_mprotect+0x620/0x620
[ 46.903199] ? ksys_dup3+0x3e0/0x3e0
[ 46.906920] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.912458] ? security_file_ioctl+0x93/0xc0
[ 46.916864] ksys_ioctl+0xab/0xd0
[ 46.920314] __x64_sys_ioctl+0x73/0xb0
[ 46.924295] do_syscall_64+0x103/0x610
[ 46.928194] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.933377] RIP: 0033:0x44aa09
[ 46.936567] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 46.955926] RSP: 002b:00007f2eadeeece8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 46.963636] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09
[ 46.970942] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004
[ 46.978205] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 46.985557] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 46.992826] R13: 00007ffe0f548e9f R14: 00007f2eadeef9c0 R15: 0000000000000000
[ 47.000102] Modules linked in:
[ 47.003315] invalid opcode: 0000 [#3] PREEMPT SMP KASAN
[ 47.004973] ------------[ cut here ]------------
[ 47.008695] CPU: 0 PID: 7884 Comm: syz-executor597 Tainted: G D 5.0.0+ #10
[ 47.013432] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 47.021731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.028550] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.037032] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 47.037047] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[ 47.037054] RSP: 0018:ffff888095adf550 EFLAGS: 00010293
[ 47.037069] RAX: ffff888098c8a440 RBX: 0000000020001040 RCX: ffffffff8545d12c
[ 47.042380] binder: 7897:7899 ioctl 40046207 0 returned -16
[ 47.048113] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[ 47.048122] RBP: ffff888095adf5d0 R08: ffff888098c8a440 R09: 0000000000000028
[ 47.048130] R10: ffffed1012b5bf01 R11: ffff888095adf80f R12: 0000000000000020
[ 47.048138] R13: 0000000000000028 R14: ffff888098e80250 R15: 0000000000000000
[ 47.048150] FS: 00007f2eadeef700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 47.048158] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.048170] CR2: 0000000000000000 CR3: 000000009168d000 CR4: 00000000001406f0
[ 47.135715] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 47.142983] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 47.150244] Call Trace:
[ 47.152845] ? memcpy+0x46/0x50
[ 47.156134] binder_alloc_copy_from_buffer+0x37/0x42
[ 47.161234] binder_get_object+0xc3/0x200
[ 47.165485] binder_transaction+0x2b4a/0x6690
[ 47.169997] ? binder_thread_read+0x3d20/0x3d20
[ 47.174666] ? __lock_acquire+0x548/0x3fb0
[ 47.178910] ? __might_fault+0x12b/0x1e0
[ 47.182977] ? lock_downgrade+0x880/0x880
[ 47.187129] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 47.192664] ? _copy_from_user+0xdd/0x150
[ 47.196827] binder_thread_write+0x64a/0x2820
[ 47.201333] ? binder_transaction+0x6690/0x6690
[ 47.205997] ? __might_fault+0x12b/0x1e0
[ 47.210078] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 47.215614] ? _copy_from_user+0xdd/0x150
[ 47.219759] binder_ioctl+0x1033/0x183b
[ 47.223736] ? binder_thread_write+0x2820/0x2820
[ 47.228486] ? __lock_acquire+0x548/0x3fb0
[ 47.232721] ? do_futex+0x178/0x1d50
[ 47.236440] ? __might_sleep+0x95/0x190
[ 47.240412] ? binder_thread_write+0x2820/0x2820
[ 47.245180] do_vfs_ioctl+0xd6e/0x1390
[ 47.249067] ? selinux_file_ioctl+0x46f/0x5e0
[ 47.253562] ? selinux_file_ioctl+0x125/0x5e0
[ 47.258054] ? ioctl_preallocate+0x210/0x210
[ 47.262461] ? selinux_file_mprotect+0x620/0x620
[ 47.267221] ? ksys_dup3+0x3e0/0x3e0
[ 47.270945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.276483] ? security_file_ioctl+0x93/0xc0
[ 47.280888] ksys_ioctl+0xab/0xd0
[ 47.284344] __x64_sys_ioctl+0x73/0xb0
[ 47.288232] do_syscall_64+0x103/0x610
[ 47.292131] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.297322] RIP: 0033:0x44aa09
[ 47.300513] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 47.319414] RSP: 002b:00007f2eadeeece8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 47.327119] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09
[ 47.334384] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000005
[ 47.341646] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 47.348909] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 47.356175] R13: 00007ffe0f548e9f R14: 00007f2eadeef9c0 R15: 0000000000000000
[ 47.363447] Modules linked in:
[ 47.366651] invalid opcode: 0000 [#4] PREEMPT SMP KASAN
[ 47.369562] ---[ end trace 87eb33b4479e2e69 ]---
[ 47.372029] CPU: 1 PID: 7893 Comm: syz-executor597 Tainted: G D 5.0.0+ #10
[ 47.372037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.372061] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 47.372076] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[ 47.377137] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 47.385115] RSP: 0018:ffff888095817550 EFLAGS: 00010293
[ 47.385127] RAX: ffff888084024680 RBX: 0000000020001060 RCX: ffffffff8545d12c
[ 47.385135] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[ 47.385143] RBP: ffff8880958175d0 R08: ffff888084024680 R09: 0000000000000028
[ 47.385151] R10: ffffed1012b02f01 R11: ffff88809581780f R12: 0000000000000020
[ 47.385159] R13: 0000000000000028 R14: ffff888098e80250 R15: 0000000000000000
[ 47.385173] FS: 00007f2eadeef700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 47.394652] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[ 47.400292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.400300] CR2: 00007f2eadecddb8 CR3: 000000008968b000 CR4: 00000000001406e0
[ 47.400311] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 47.400319] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 47.400323] Call Trace:
[ 47.400346] ? memcpy+0x46/0x50
[ 47.400371] binder_alloc_copy_from_buffer+0x37/0x42
[ 47.419459] RSP: 0018:ffff888097867550 EFLAGS: 00010293
[ 47.425073] binder_get_object+0xc3/0x200
[ 47.425092] binder_transaction+0x2b4a/0x6690
[ 47.425122] ? binder_thread_read+0x3d20/0x3d20
[ 47.430591] RAX: ffff888098ea0480 RBX: 0000000020001020 RCX: ffffffff8545d12c
[ 47.437736] ? mark_held_locks+0xf0/0xf0
[ 47.437751] ? mark_held_locks+0xf0/0xf0
[ 47.437767] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 47.437782] ? binder_get_thread+0x1db/0x7c0
[ 47.437796] ? lock_downgrade+0x880/0x880
[ 47.445164] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[ 47.452316] ? __might_fault+0xfb/0x1e0
[ 47.452335] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 47.452352] ? _copy_from_user+0xdd/0x150
[ 47.452369] binder_thread_write+0x64a/0x2820
[ 47.452389] ? binder_transaction+0x6690/0x6690
[ 47.459774] RBP: ffff8880978675d0 R08: ffff888098ea0480 R09: 0000000000000028
[ 47.466905] ? kasan_check_write+0x14/0x20
[ 47.466923] ? do_raw_spin_lock+0x12a/0x2e0
[ 47.466941] ? __might_fault+0xfb/0x1e0
[ 47.466964] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 47.475293] R10: ffffed1012f0cf01 R11: ffff88809786780f R12: 0000000000000020
[ 47.494074] ? _copy_from_user+0xdd/0x150
[ 47.494091] binder_ioctl+0x1033/0x183b
[ 47.494109] ? binder_thread_write+0x2820/0x2820
[ 47.494128] ? do_futex+0x178/0x1d50
[ 47.494144] ? userfaultfd_unmap_prep+0x4a0/0x4a0
[ 47.494161] ? mark_held_locks+0xf0/0xf0
[ 47.500182] R13: 0000000000000028 R14: ffff888098e80250 R15: 0000000000000000
[ 47.507295] ? __might_sleep+0x95/0x190
[ 47.507312] ? binder_thread_write+0x2820/0x2820
[ 47.507328] do_vfs_ioctl+0xd6e/0x1390
[ 47.507345] ? selinux_file_ioctl+0x46f/0x5e0
[ 47.507358] ? selinux_file_ioctl+0x125/0x5e0
[ 47.514743] FS: 00007f2eadeef700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 47.521891] ? ioctl_preallocate+0x210/0x210
[ 47.521904] ? selinux_file_mprotect+0x620/0x620
[ 47.521922] ? ksys_dup3+0x3e0/0x3e0
[ 47.521942] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.521960] ? security_file_ioctl+0x93/0xc0
[ 47.524631] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.527791] ksys_ioctl+0xab/0xd0
[ 47.527814] __x64_sys_ioctl+0x73/0xb0
[ 47.527832] do_syscall_64+0x103/0x610
[ 47.527853] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.533037] CR2: 0000000020000108 CR3: 000000009fbee000 CR4: 00000000001406f0
[ 47.538285] RIP: 0033:0x44aa09
[ 47.538300] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 47.538307] RSP: 002b:00007f2eadeeece8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 47.538320] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044aa09
[ 47.538328] RDX: 0000000020000400 RSI: 00000000c0306201 RDI: 0000000000000004
[ 47.538335] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 47.538346] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 47.542592] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 47.546953] R13: 00007ffe0f548e9f R14: 00007f2eadeef9c0 R15: 0000000000000000
[ 47.546967] Modules linked in:
[ 47.549142] ---[ end trace 87eb33b4479e2e6a ]---
[ 47.553701] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 47.559358] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.563727] Kernel panic - not syncing: Fatal exception
[ 47.567412] binder: 7896:7898 ioctl 40046207 0 returned -16
[ 47.573080] Kernel Offset: disabled
[ 47.866952] Rebooting in 86400 seconds..