INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-upstream-kasan-gce-9,10.128.0.22' (ECDSA) to the list of known hosts.
2017/12/03 11:58:35 parsed 1 programs
2017/12/03 11:58:35 executed programs: 0
syzkaller login: [ 35.262490] binder: 3098:3100 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 35.284634] binder: 3106:3107 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 35.320202] binder: send failed reply for transaction 2 to 3098:3100
[ 35.325574] binder: BINDER_SET_CONTEXT_MGR already set
[ 35.325583] binder: 3106:3114 ioctl 40046207 0 returned -16
[ 35.327426] binder_alloc: 3106: binder_alloc_buf, no vma
[ 35.327453] binder: 3106:3108 transaction failed 29189/-3, size 0-0 line 2870
[ 35.350771] binder: 3106:3114 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 35.351982] binder: 3098:3116 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 35.358399] binder: send failed reply for transaction 4 to 3106:3107
[ 35.373670] binder: send failed reply for transaction 7 to 3098:3113
[ 35.375141] binder: undelivered TRANSACTION_COMPLETE
[ 35.375148] binder: undelivered TRANSACTION_ERROR: 29189
[ 35.375154] binder: undelivered TRANSACTION_COMPLETE
[ 35.375158] binder: undelivered TRANSACTION_ERROR: 29189
[ 35.393366] binder: 3111:3112 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 35.401175] binder: send failed reply for transaction 9 to 3111:3112
[ 35.407263] binder: 3111:3115 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 35.421260] binder: undelivered TRANSACTION_COMPLETE
[ 35.421265] binder: undelivered TRANSACTION_ERROR: 29189
[ 35.421294] binder: release 3111:3112 transaction 11 out, still active
[ 35.421300] binder: undelivered TRANSACTION_COMPLETE
[ 35.421326] binder: send failed reply for transaction 11, target dead
[ 35.426896] binder: 3117:3119 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 35.440771] binder: 3121:3122 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 35.455695] binder: send failed reply for transaction 13 to 3117:3119
[ 35.465671] binder: 3117:3126 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 35.475426] binder: 3123:3124 DecRefs 0 refcount change on invalid ref 0 ret -22
[ 35.480971] binder: send failed reply for transaction 15 to 3121:3122
[ 35.486383] binder: send failed reply for transaction 17 to 3117:3119
[ 35.486386] ------------[ cut here ]------------
[ 35.486388] Unexpected reply error: 29189
[ 35.486496] WARNING: CPU: 1 PID: 1404 at drivers/android/binder.c:1924 binder_send_failed_reply+0x13b/0x350
[ 35.486499] Kernel panic - not syncing: panic_on_warn set ...
[ 35.486499]
[ 35.486505] CPU: 1 PID: 1404 Comm: kworker/1:2 Not tainted 4.15.0-rc1+ #205
[ 35.486507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.486512] Workqueue: events binder_deferred_func
[ 35.486516] Call Trace:
[ 35.486524] dump_stack+0x194/0x257
[ 35.486533] ? arch_local_irq_restore+0x53/0x53
[ 35.486544] ? vsnprintf+0x1ed/0x1900
[ 35.486556] panic+0x1e4/0x41c
[ 35.486561] ? refcount_error_report+0x214/0x214
[ 35.486567] ? show_regs_print_info+0x65/0x65
[ 35.486581] ? __warn+0x1c1/0x200
[ 35.486591] ? binder_send_failed_reply+0x13b/0x350
[ 35.486595] __warn+0x1dc/0x200
[ 35.486601] ? binder_send_failed_reply+0x13b/0x350
[ 35.486622] report_bug+0x211/0x2d0
[ 35.486635] fixup_bug.part.11+0x37/0x80
[ 35.486642] do_error_trap+0x2d7/0x3e0
[ 35.486647] ? __down_trylock_console_sem+0x10d/0x1e0
[ 35.486657] ? math_error+0x400/0x400
[ 35.486662] ? vprintk_emit+0x3ea/0x590
[ 35.486670] ? vprintk_emit+0x3ea/0x590
[ 35.486685] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.486698] do_invalid_op+0x1b/0x20
[ 35.486704] invalid_op+0x18/0x20
[ 35.486709] RIP: 0010:binder_send_failed_reply+0x13b/0x350
[ 35.486711] RSP: 0018:ffff8801d2acf0f8 EFLAGS: 00010286
[ 35.486716] RAX: dffffc0000000008 RBX: ffff8801d56e0000 RCX: ffffffff8159c48e
[ 35.486719] RDX: 0000000000000000 RSI: 1ffff1003a561931 RDI: 0000000000000293
[ 35.486721] RBP: ffff8801d2acf120 R08: 1ffff1003a559db2 R09: 0000000000000000
[ 35.486724] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801ce69f540
[ 35.486727] R13: 0000000000007205 R14: 0000000000007205 R15: 0000000000000c2d
[ 35.486742] ? vprintk_func+0x5e/0xc0
[ 35.486753] ? binder_send_failed_reply+0x13b/0x350
[ 35.486763] binder_release_work+0x3d9/0x580
[ 35.486773] ? kzalloc.constprop.53+0x20/0x20
[ 35.486787] ? do_raw_spin_trylock+0x190/0x190
[ 35.486797] ? kfree+0xe4/0x250
[ 35.486802] ? binder_deferred_func+0xe8a/0x12f0
[ 35.486812] ? _raw_spin_unlock+0x22/0x30
[ 35.486822] binder_deferred_func+0xdf5/0x12f0
[ 35.486843] ? binder_cleanup_ref_olocked+0xab0/0xab0
[ 35.486851] ? mntput_no_expire+0x15e/0xa90
[ 35.486862] ? find_held_lock+0x39/0x1d0
[ 35.486872] ? check_noncircular+0x20/0x20
[ 35.486888] ? lock_acquire+0x1d5/0x580
[ 35.486894] ? process_one_work+0xb2f/0x1be0
[ 35.486913] ? __lock_is_held+0xbc/0x140
[ 35.486934] process_one_work+0xbfd/0x1be0
[ 35.486954] ? pwq_dec_nr_in_flight+0x450/0x450
[ 35.486960] ? finish_task_switch+0x1d3/0x740
[ 35.486964] ? finish_task_switch+0x1aa/0x740
[ 35.486988] ? perf_trace_lock_acquire+0xe3/0x980
[ 35.487006] ? perf_trace_lock+0x900/0x900
[ 35.487011] ? __sched_text_start+0x8/0x8
[ 35.487023] ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 35.487034] ? check_noncircular+0x20/0x20
[ 35.487046] ? find_held_lock+0x39/0x1d0
[ 35.487066] ? lock_acquire+0x1d5/0x580
[ 35.487071] ? worker_thread+0x4a3/0x1990
[ 35.487084] ? lock_release+0xda0/0xda0
[ 35.487090] ? retint_kernel+0x10/0x10
[ 35.487098] ? do_raw_spin_trylock+0x190/0x190
[ 35.487122] worker_thread+0x223/0x1990
[ 35.487150] ? process_one_work+0x1be0/0x1be0
[ 35.487160] ? _raw_spin_unlock_irq+0x27/0x70
[ 35.487168] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 35.487174] ? trace_hardirqs_on+0xd/0x10
[ 35.487179] ? _raw_spin_unlock_irq+0x27/0x70
[ 35.487185] ? finish_task_switch+0x1d3/0x740
[ 35.487189] ? finish_task_switch+0x1aa/0x740
[ 35.487200] ? copy_overflow+0x20/0x20
[ 35.487218] ? __schedule+0x8f3/0x2060
[ 35.487222] ? check_noncircular+0x20/0x20
[ 35.487244] ? find_held_lock+0x39/0x1d0
[ 35.487258] ? find_held_lock+0x39/0x1d0
[ 35.487276] ? lock_downgrade+0x980/0x980
[ 35.487283] ? default_wake_function+0x30/0x50
[ 35.487298] ? __schedule+0x2060/0x2060
[ 35.487302] ? do_wait_intr+0x3e0/0x3e0
[ 35.487311] ? do_raw_spin_trylock+0x190/0x190
[ 35.487319] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 35.487327] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 35.487333] ? trace_hardirqs_on+0xd/0x10
[ 35.487339] ? __kthread_parkme+0x175/0x240
[ 35.487349] kthread+0x37a/0x440
[ 35.487354] ? process_one_work+0x1be0/0x1be0
[ 35.487357] ? kthread_stop+0x7b0/0x7b0
[ 35.487366] ret_from_fork+0x24/0x30
[ 35.492225] Dumping ftrace buffer:
[ 35.492268] (ftrace buffer empty)
[ 35.492270] Kernel Offset: disabled
[ 35.938394] Rebooting in 86400 seconds..