[ 41.003544][ T26] audit: type=1800 audit(1553786569.673:25): pid=7725 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 41.037446][ T26] audit: type=1800 audit(1553786569.673:26): pid=7725 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 41.058172][ T26] audit: type=1800 audit(1553786569.673:27): pid=7725 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 41.082932][ T26] audit: type=1800 audit(1553786569.673:28): pid=7725 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts. 
syzkaller login: [ 61.414402][ T7884] IPVS: ftp: loaded support on port[0] = 21 [ 61.414731][ T7887] IPVS: ftp: loaded support on port[0] = 21 [ 61.422145][ T7886] IPVS: ftp: loaded support on port[0] = 21 [ 61.428082][ T7885] IPVS: ftp: loaded support on port[0] = 21 [ 61.436694][ T7888] IPVS: ftp: loaded support on port[0] = 21 [ 61.442142][ T7883] IPVS: ftp: loaded support on port[0] = 21 executing program executing program executing program [ 61.533086][ T7889] binder: 7889:7889 BC_DEAD_BINDER_DONE 0000000000000004 not found [ 61.545049][ T7889] binder: 7889:7889 DecRefs 0 refcount change on invalid ref 1 ret -22 [ 61.553508][ T7889] binder: 7889:7889 transaction failed 29189/-22, size 0-8 line 2994 [ 61.564279][ T3244] binder: undelivered TRANSACTION_ERROR: 29189 executing program executing program [ 61.581820][ T7890] binder: 7890:7890 BC_DEAD_BINDER_DONE 0000000000000004 not found [ 61.582507][ T7891] binder: 7891:7891 BC_DEAD_BINDER_DONE 0000000000000004 not found [ 61.592838][ T7892] binder: 7892:7892 BC_DEAD_BINDER_DONE 0000000000000004 not found [ 61.616425][ T7893] binder: 7893:7893 BC_DEAD_BINDER_DONE 0000000000000004 not found [ 61.617535][ T7891] binder: 7891:7891 DecRefs 0 refcount change on invalid ref 1 ret -22 [ 61.624523][ T7890] binder: 7890:7890 DecRefs 0 refcount change on invalid ref 1 ret -22 [ 61.641569][ T7892] binder: 7892:7892 DecRefs 0 refcount change on invalid ref 1 ret -22 [ 61.650297][ T7893] binder: 7893:7893 DecRefs 0 refcount change on invalid ref 1 ret -22 [ 61.659147][ T7892] binder: 7892:7892 transaction failed 29189/-22, size 0-8 line 2994 [ 61.659226][ T7891] binder: 7891:7891 transaction failed 29189/-22, size 0-8 line 2994 [ 61.667566][ T7893] binder: 7893:7893 transaction failed 29189/-22, size 0-8 line 2994 executing program executing program [ 61.684307][ T3244] binder: undelivered TRANSACTION_ERROR: 29189 [ 61.693356][ T7894] binder: 7894:7894 BC_DEAD_BINDER_DONE 0000000000000004 not found [ 61.695618][ T7895] binder: 
7895:7895 BC_DEAD_BINDER_DONE 0000000000000004 not found [ 61.703608][ T7890] binder: 7890:7890 transaction failed 29189/-22, size 0-8 line 2994 [ 61.711252][ T12] binder: undelivered TRANSACTION_ERROR: 29189 [ 61.718955][ T7894] binder: 7894:7894 DecRefs 0 refcount change on invalid ref 1 ret -22 executing program executing program executing program [ 61.725302][ T12] binder: undelivered TRANSACTION_ERROR: 29189 [ 61.739556][ T7896] binder: 7896:7896 BC_DEAD_BINDER_DONE 0000000000000004 not found [ 61.740280][ T7895] binder: 7895:7895 DecRefs 0 refcount change on invalid ref 1 ret -22 [ 61.749453][ T7898] binder: 7898:7898 BC_DEAD_BINDER_DONE 0000000000000004 not found [ 61.756505][ T7895] binder: 7895:7895 transaction failed 29189/-22, size 0-8 line 2994 [ 61.765496][ T7897] binder: 7897:7897 BC_DEAD_BINDER_DONE 0000000000000004 not found executing program [ 61.772623][ T12] binder: undelivered TRANSACTION_ERROR: 29189 [ 61.780670][ T7894] ------------[ cut here ]------------ [ 61.786531][ T7890] binder: BINDER_SET_CONTEXT_MGR already set [ 61.791986][ T7894] kernel BUG at drivers/android/binder_alloc.c:1141! 
[ 61.793961][ T7896] binder: 7896:7896 DecRefs 0 refcount change on invalid ref 1 ret -22 [ 61.798502][ T7890] binder: 7890:7890 ioctl 40046207 0 returned -16 [ 61.805517][ T7897] binder: 7897:7897 DecRefs 0 refcount change on invalid ref 1 ret -22 [ 61.817577][ T7899] binder: 7899:7899 DecRefs 0 refcount change on invalid ref 1 ret -22 [ 61.820075][ T7898] binder: 7898:7898 transaction failed 29189/-22, size 0-8 line 2994 [ 61.828291][ T7899] binder: 7899:7899 transaction failed 29189/-22, size 0-8 line 2994 [ 61.836696][ T7896] binder: 7896:7896 transaction failed 29189/-22, size 0-8 line 2994 [ 61.844872][ T12] binder: undelivered TRANSACTION_ERROR: 29189 [ 61.853078][ T7897] binder: 7897:7897 transaction failed 29189/-22, size 0-8 line 2994 [ 61.860905][ T7894] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 61.860915][ T7894] CPU: 0 PID: 7894 Comm: syz-executor977 Not tainted 5.1.0-rc2+ #40 [ 61.860919][ T7894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.860943][ T7894] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 61.868597][ T7897] binder: BINDER_SET_CONTEXT_MGR already set [ 61.875125][ T7894] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 4f f4 23 fc 4c 89 e6 4c 89 ef e8 64 f5 23 fc 4d 39 e5 76 07 e8 3a f4 23 fc <0f> 0b e8 33 f4 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 41 executing program [ 61.875130][ T7894] RSP: 0018:ffff888098b7f550 EFLAGS: 00010293 [ 61.875137][ T7894] RAX: ffff88808d7d2180 RBX: 0000000020001000 RCX: ffffffff854c7d3c [ 61.875141][ T7894] RDX: 0000000000000000 RSI: ffffffff854c7d46 RDI: 0000000000000006 [ 61.875146][ T7894] RBP: ffff888098b7f5d0 R08: ffff88808d7d2180 R09: 0000000000000028 [ 61.875150][ T7894] R10: ffffed101316ff01 R11: ffff888098b7f80f R12: 0000000000000008 [ 61.875154][ T7894] R13: 0000000000000028 R14: ffff88809916cf90 R15: 0000000000000000 executing program executing program [ 61.875160][ T7894] FS: 00000000015ce940(0000) 
GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 61.875164][ T7894] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 61.875179][ T7894] CR2: 0000000000000000 CR3: 000000008b7e2000 CR4: 00000000001406f0 [ 61.882039][ T7896] binder: BINDER_SET_CONTEXT_MGR already set [ 61.889464][ T7894] Call Trace: [ 61.889485][ T7894] ? memcpy+0x46/0x50 [ 61.889495][ T7894] binder_alloc_copy_from_buffer+0x37/0x42 [ 61.889505][ T7894] binder_get_object+0xc3/0x200 [ 61.889523][ T7894] binder_transaction+0x2b4a/0x6690 executing program executing program executing program executing program [ 61.899742][ T7897] binder: 7897:7897 ioctl 40046207 0 returned -16 [ 61.906249][ T7894] ? binder_thread_read+0x3d50/0x3d50 [ 61.906259][ T7894] ? __lock_acquire+0x548/0x3fb0 [ 61.906268][ T7894] ? preempt_schedule+0x4b/0x60 [ 61.906284][ T7894] ? __might_fault+0x12b/0x1e0 [ 61.912447][ T7898] binder: BINDER_SET_CONTEXT_MGR already set [ 61.932131][ T7894] ? lock_downgrade+0x880/0x880 [ 61.932145][ T7894] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 61.932154][ T7894] ? _copy_from_user+0xdd/0x150 [ 61.932165][ T7894] binder_thread_write+0x87e/0x2820 [ 61.932182][ T7894] ? binder_transaction+0x6690/0x6690 [ 61.932201][ T7894] ? __might_fault+0x12b/0x1e0 [ 61.939583][ T7896] binder: 7896:7896 ioctl 40046207 0 returned -16 [ 61.946228][ T7894] ? lock_downgrade+0x880/0x880 [ 61.946240][ T7894] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 61.946259][ T7894] ? _copy_from_user+0xdd/0x150 [ 61.957491][ T7900] binder_alloc: 7899: binder_alloc_buf, no vma [ 61.962293][ T7894] binder_ioctl+0x1033/0x183b [ 61.962305][ T7894] ? binder_thread_write+0x2820/0x2820 executing program [ 61.962313][ T7894] ? tomoyo_path_number_perm+0x263/0x520 [ 61.962331][ T7894] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 61.970409][ T7898] binder: 7898:7898 ioctl 40046207 0 returned -16 [ 61.978308][ T7894] ? smack_log+0x415/0x540 [ 61.978318][ T7894] ? debug_check_no_obj_freed+0x200/0x464 [ 61.978334][ T7894] ? 
binder_thread_write+0x2820/0x2820 [ 61.978354][ T7894] do_vfs_ioctl+0xd6e/0x1390 [ 61.988890][ T7900] binder: BINDER_SET_CONTEXT_MGR already set [ 61.994006][ T7894] ? ioctl_preallocate+0x210/0x210 executing program executing program executing program [ 61.994015][ T7894] ? smack_file_ioctl+0x196/0x310 [ 61.994033][ T7894] ? smack_inode_rename+0x2d0/0x2d0 [ 62.009221][ T7901] binder_alloc: 7899: binder_alloc_buf, no vma [ 62.011239][ T7894] ? rcu_read_lock_sched_held+0x110/0x130 [ 62.011252][ T7894] ? kmem_cache_free+0x211/0x260 [ 62.011267][ T7894] ? do_sys_open+0x31d/0x5d0 [ 62.015500][ T7901] binder: BINDER_SET_CONTEXT_MGR already set [ 62.021035][ T7894] ? tomoyo_file_ioctl+0x23/0x30 [ 62.021045][ T7894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 executing program executing program executing program executing program executing program [ 62.021054][ T7894] ? security_file_ioctl+0x93/0xc0 [ 62.021063][ T7894] ksys_ioctl+0xab/0xd0 [ 62.021080][ T7894] __x64_sys_ioctl+0x73/0xb0 [ 62.025988][ T7900] binder: 7900:7900 ioctl 40046207 0 returned -16 [ 62.031096][ T7894] do_syscall_64+0x103/0x610 [ 62.031106][ T7894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 62.031113][ T7894] RIP: 0033:0x446399 executing program executing program executing program [ 62.031123][ T7894] Code: e8 dc e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b cc fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 62.031127][ T7894] RSP: 002b:00007ffe16b37198 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 62.031134][ T7894] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000446399 [ 62.031139][ T7894] RDX: 0000000020000240 RSI: 00000000c0306201 RDI: 0000000000000003 [ 62.031153][ T7894] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 62.038839][ T7901] binder: 7901:7901 ioctl 40046207 0 returned -16 [ 62.042898][ T7894] R10: 00007ffe16b36cf0 R11: 0000000000000246 R12: 0000000000000000 [ 
62.042902][ T7894] R13: 0000000000403510 R14: 0000000000000000 R15: 0000000000000000 [ 62.042909][ T7894] Modules linked in: [ 62.046449][ T12] binder: undelivered TRANSACTION_ERROR: 29189 [ 62.051474][ T7903] binder_alloc: 7899: binder_alloc_buf, no vma [ 62.058899][ T12] binder: undelivered TRANSACTION_ERROR: 29189 [ 62.065310][ T7904] binder_alloc: 7899: binder_alloc_buf, no vma [ 62.070920][ T12] binder: undelivered TRANSACTION_ERROR: 29189 [ 62.082113][ T7903] binder: BINDER_SET_CONTEXT_MGR already set [ 62.086708][ T7894] ---[ end trace c2540b4084e27053 ]--- [ 62.091199][ T7902] binder_alloc: 7899: binder_alloc_buf, no vma [ 62.095504][ T7894] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 62.103793][ T7905] binder_alloc: 7899: binder_alloc_buf, no vma [ 62.106787][ T7894] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 4f f4 23 fc 4c 89 e6 4c 89 ef e8 64 f5 23 fc 4d 39 e5 76 07 e8 3a f4 23 fc <0f> 0b e8 33 f4 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 41 [ 62.113513][ T7903] binder: 7903:7903 ioctl 40046207 0 returned -16 [ 62.117978][ T12] binder: undelivered TRANSACTION_ERROR: 29189 [ 62.124066][ T7904] binder: BINDER_SET_CONTEXT_MGR already set [ 62.138909][ T7894] RSP: 0018:ffff888098b7f550 EFLAGS: 00010293 [ 62.140079][ T7906] binder_alloc: 7899: binder_alloc_buf, no vma [ 62.145695][ T7894] RAX: ffff88808d7d2180 RBX: 0000000020001000 RCX: ffffffff854c7d3c [ 62.154711][ T7902] binder: BINDER_SET_CONTEXT_MGR already set [ 62.161387][ T7894] RDX: 0000000000000000 RSI: ffffffff854c7d46 RDI: 0000000000000006 [ 62.162593][ T7904] binder: 7904:7904 ioctl 40046207 0 returned -16 [ 62.167864][ T7894] RBP: ffff888098b7f5d0 R08: ffff88808d7d2180 R09: 0000000000000028 [ 62.172516][ T7905] binder: BINDER_SET_CONTEXT_MGR already set [ 62.178659][ T7894] R10: ffffed101316ff01 R11: ffff888098b7f80f R12: 0000000000000008 [ 62.183911][ T7902] binder: 7902:7902 ioctl 40046207 0 returned -16 [ 62.189170][ T7894] R13: 0000000000000028 R14: 
ffff88809916cf90 R15: 0000000000000000 [ 62.196170][ T7906] binder: BINDER_SET_CONTEXT_MGR already set [ 62.200482][ T7894] FS: 00000000015ce940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 62.208501][ T7906] binder: 7906:7906 ioctl 40046207 0 returned -16 [ 62.222397][ T7894] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 62.230576][ T7905] binder: 7905:7905 ioctl 40046207 0 returned -16 [ 62.238447][ T7894] CR2: 0000000000000000 CR3: 000000008b7e2000 CR4: 00000000001406f0 [ 62.286428][ T7918] binder_alloc: 7917: binder_alloc_buf failed to map pages in userspace, no vma [ 62.319830][ T7894] Kernel panic - not syncing: Fatal exception [ 62.327315][ T7911] binder_alloc: 7917: binder_alloc_buf, no vma [ 62.335697][ T7894] Kernel Offset: disabled [ 62.590945][ T7894] Rebooting in 86400 seconds..