INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-upstream-kasan-gce-5,10.128.15.207' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
executing program
syzkaller login: [ 40.947812] binder: 3087:3087 ERROR: BC_REGISTER_LOOPER called without request
[ 40.949478] binder: 3087:3087 ioctl c0306201 2000dfd0 returned -14
[ 40.951406] ------------[ cut here ]------------
[ 40.952081] kernel BUG at drivers/android/binder_alloc.c:750!
[ 40.952884] invalid opcode: 0000 [#1] SMP KASAN
[ 40.953505] Dumping ftrace buffer:
[ 40.954012] (ftrace buffer empty)
[ 40.954508] Modules linked in:
[ 40.954941] CPU: 0 PID: 1404 Comm: kworker/0:2 Not tainted 4.15.0-rc1+ #203
[ 40.955885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.957109] Workqueue: events binder_deferred_func
[ 40.957763] task: 0000000009b739b6 task.stack: 00000000c1d4442c
[ 40.958562] RIP: 0010:binder_alloc_deferred_release+0x146/0xa40
[ 40.959356] RSP: 0018:ffff8801d2b16fd8 EFLAGS: 00010293
[ 40.960066] RAX: ffff8801d2b08080 RBX: ffff8801d7829300 RCX: ffffffff8403b856
[ 40.961042] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8801d7829330
[ 40.961994] RBP: ffff8801d2b17138 R08: ffffffff8403b7d9 R09: 1ffffffff0e53001
[ 40.962945] R10: ffff8801d2b16fc8 R11: ffffffff87489d60 R12: 0000000000000000
[ 40.963897] R13: dffffc0000000000 R14: ffff8801d2b17110 R15: ffff8801d7829310
[ 40.964849] FS: 0000000000000000(0000) GS:ffff8801db400000(0000) knlGS:0000000000000000
[ 40.965922] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 40.966695] CR2: 00000000006d00a8 CR3: 0000000005e25000 CR4: 00000000001406f0
[ 40.967650] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 40.968613] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 40.975848] Call Trace:
[ 40.978399] ? _binder_inner_proc_lock+0x2c/0x50
[ 40.983121] ? binder_alloc_mmap_handler+0x900/0x900
[ 40.988190] ? do_raw_spin_trylock+0x190/0x190
[ 40.992737] ? do_raw_spin_trylock+0x190/0x190
[ 40.997289] ? _raw_spin_unlock+0x22/0x30
[ 41.001401] binder_proc_dec_tmpref+0x2f3/0x420
[ 41.006035] ? binder_wakeup_thread_ilocked+0x3d0/0x3d0
[ 41.011363] ? do_raw_spin_trylock+0x190/0x190
[ 41.015911] ? kfree+0xe4/0x250
[ 41.019153] ? binder_deferred_func+0xe8a/0x12f0
[ 41.023874] ? _raw_spin_unlock+0x22/0x30
[ 41.027985] binder_deferred_func+0xe22/0x12f0
[ 41.032531] ? __lock_is_held+0xbc/0x140
[ 41.036557] ? binder_cleanup_ref_olocked+0xab0/0xab0
[ 41.041718] ? set_next_entity+0x2ed/0xd70
[ 41.045918] ? find_held_lock+0x39/0x1d0
[ 41.049944] ? check_noncircular+0x20/0x20
[ 41.054145] ? lock_acquire+0x1d5/0x580
[ 41.058083] ? process_one_work+0xb2f/0x1be0
[ 41.062459] ? __lock_is_held+0xbc/0x140
[ 41.066495] process_one_work+0xbfd/0x1be0
[ 41.070703] ? pwq_dec_nr_in_flight+0x450/0x450
[ 41.075336] ? finish_task_switch+0x1d3/0x740
[ 41.079796] ? finish_task_switch+0x1aa/0x740
[ 41.084266] ? __sched_text_start+0x8/0x8
[ 41.088399] ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 41.093563] ? check_noncircular+0x20/0x20
[ 41.097764] ? find_held_lock+0x39/0x1d0
[ 41.101794] ? lock_acquire+0x1d5/0x580
[ 41.105737] ? worker_thread+0x4a3/0x1990
[ 41.109857] ? lock_release+0xda0/0xda0
[ 41.113798] ? retint_kernel+0x10/0x10
[ 41.117649] ? do_raw_spin_trylock+0x190/0x190
[ 41.122218] worker_thread+0x223/0x1990
[ 41.126165] ? process_one_work+0x1be0/0x1be0
[ 41.130624] ? _raw_spin_unlock_irq+0x27/0x70
[ 41.135084] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 41.140067] ? trace_hardirqs_on+0xd/0x10
[ 41.144179] ? _raw_spin_unlock_irq+0x27/0x70
[ 41.148638] ? finish_task_switch+0x1d3/0x740
[ 41.153095] ? finish_task_switch+0x1aa/0x740
[ 41.157555] ? copy_overflow+0x20/0x20
[ 41.161410] ? __schedule+0x8f3/0x2060
[ 41.165259] ? check_noncircular+0x20/0x20
[ 41.169465] ? find_held_lock+0x39/0x1d0
[ 41.173494] ? find_held_lock+0x39/0x1d0
[ 41.177523] ? lock_downgrade+0x980/0x980
[ 41.181634] ? default_wake_function+0x30/0x50
[ 41.186183] ? __schedule+0x2060/0x2060
[ 41.190119] ? do_wait_intr+0x3e0/0x3e0
[ 41.194057] ? do_raw_spin_trylock+0x190/0x190
[ 41.198608] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 41.203677] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 41.208663] ? trace_hardirqs_on+0xd/0x10
[ 41.212777] ? __kthread_parkme+0x175/0x240
[ 41.217063] kthread+0x37a/0x440
[ 41.220391] ? process_one_work+0x1be0/0x1be0
[ 41.224851] ? kthread_stop+0x7b0/0x7b0
[ 41.228788] ret_from_fork+0x24/0x30
[ 41.232472] Code: e8 00 40 6c fd 49 8d 7f 20 49 8d 5f f0 48 89 fa 48 c1 ea 03 42 80 3c 2a 00 0f 85 84 07 00 00 49 83 7f 20 00 74 a9 e8 da 3f 6c fd <0f> 0b 48 8b 9d e8 fe ff ff 44 89 a5 bc fe ff ff e8 c5 3f 6c fd
[ 41.251530] RIP: binder_alloc_deferred_release+0x146/0xa40 RSP: ffff8801d2b16fd8
[ 41.259184] ---[ end trace 616e085d0dbf3c21 ]---
[ 41.263991] Kernel panic - not syncing: Fatal exception
[ 41.269651] Dumping ftrace buffer:
[ 41.273155] (ftrace buffer empty)
[ 41.276830] Kernel Offset: disabled
[ 41.280421] Rebooting in 86400 seconds..