[ 36.782310] audit: type=1800 audit(1552143141.867:27): pid=7574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 36.805293] audit: type=1800 audit(1552143141.867:28): pid=7574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 37.530074] audit: type=1800 audit(1552143142.677:29): pid=7574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 37.550343] audit: type=1800 audit(1552143142.677:30): pid=7574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 46.495316] binder: 7730:7730 transaction failed 29189/-22, size 0-8 line 2994
[ 46.497787] binder: 7735:7735 transaction failed 29189/-22, size 0-8 line 2994
[ 46.508161] binder: 7736:7736 transaction failed 29189/-22, size 0-8 line 2994
[ 46.513348] binder: 7737:7737 transaction failed 29189/-22, size 0-8 line 2994
[ 46.520436] binder: 7738:7738 transaction failed 29189/-22, size 0-8 line 2994
[ 46.528114] binder: undelivered TRANSACTION_ERROR: 29189
[ 46.534462] ------------[ cut here ]------------
executing program
executing program
[ 46.542579] binder: undelivered TRANSACTION_ERROR: 29189
[ 46.543357] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 46.543953] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.560388] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 46.560939] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.565760] CPU: 1 PID: 7739 Comm: syz-executor011 Not tainted 5.0.0+ #14
[ 46.565768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.565788] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 46.565801] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 7f 96 26 fc 4c 89 e6 4c 89 ef e8 94 97 26 fc 4d 39 e5 76 07 e8 6a 96 26 fc <0f> 0b e8 63 96 26 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 71
[ 46.565815] RSP: 0018:ffff888096da7550 EFLAGS: 00010293
[ 46.571747] binder: 7730:7730 ioctl 40046207 0 returned -16
[ 46.577983] RAX: ffff8880a8704280 RBX: 0000000020004000 RCX: ffffffff8549bf8c
[ 46.577991] RDX: 0000000000000000 RSI: ffffffff8549bf96 RDI: 0000000000000006
[ 46.578000] RBP: ffff888096da75d0 R08: ffff8880a8704280 R09: 0000000000000028
[ 46.578007] R10: ffffed1012db4f01 R11: ffff888096da780f R12: 0000000000000008
[ 46.578015] R13: 0000000000000028 R14: ffff8880915ab8d0 R15: 0000000000000000
[ 46.578028] FS: 000000000096c940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 46.587473] binder_alloc: 7735: binder_alloc_buf, no vma
[ 46.593141] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 46.593149] CR2: 0000000000000000 CR3: 000000009332e000 CR4: 00000000001406e0
[ 46.593159] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
executing program
[ 46.593166] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 46.593174] Call Trace:
[ 46.614464] binder: undelivered TRANSACTION_ERROR: 29189
[ 46.617428] ? memcpy+0x46/0x50
[ 46.617447] binder_alloc_copy_from_buffer+0x37/0x42
[ 46.617463] binder_get_object+0xc3/0x200
[ 46.623252] binder: 7736:7736 ioctl 40046207 0 returned -16
[ 46.630423] binder_transaction+0x2b4a/0x6690
[ 46.630451] ? binder_thread_read+0x3d50/0x3d50
[ 46.630473] ? __lock_acquire+0x548/0x3fb0
[ 46.638133] binder: undelivered TRANSACTION_ERROR: 29189
executing program
executing program
executing program
executing program
executing program
[ 46.644997] ? __might_fault+0x12b/0x1e0
[ 46.645017] ? lock_downgrade+0x880/0x880
[ 46.656178] binder_alloc: 7735: binder_alloc_buf, no vma
[ 46.659536] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 46.659551] ? _copy_from_user+0xdd/0x150
[ 46.659568] binder_thread_write+0x64a/0x2820
[ 46.659587] ? binder_transaction+0x6690/0x6690
[ 46.668488] binder: 7740:7740 transaction failed 29189/-3, size 0-8 line 3147
[ 46.673245] ? __might_fault+0x12b/0x1e0
[ 46.673275] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
executing program
executing program
[ 46.679266] binder: undelivered TRANSACTION_ERROR: 29189
[ 46.686401] ? _copy_from_user+0xdd/0x150
[ 46.686418] binder_ioctl+0x1033/0x183b
[ 46.686436] ? binder_thread_write+0x2820/0x2820
[ 46.694114] binder: 7741:7741 transaction failed 29189/-3, size 0-8 line 3147
[ 46.700963] ? tomoyo_path_number_perm+0x263/0x520
[ 46.700979] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 46.701003] ? binder_thread_write+0x2820/0x2820
[ 46.706518] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.709020] do_vfs_ioctl+0xd6e/0x1390
executing program
executing program
executing program
executing program
[ 46.709037] ? ioctl_preallocate+0x210/0x210
[ 46.709053] ? __do_page_fault+0x623/0xda0
[ 46.709069] ? lock_downgrade+0x880/0x880
[ 46.713583] binder: 7741:7741 ioctl 40046207 0 returned -16
[ 46.717433] ? tomoyo_file_ioctl+0x23/0x30
[ 46.717448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.717461] ? security_file_ioctl+0x93/0xc0
[ 46.717476] ksys_ioctl+0xab/0xd0
[ 46.722374] binder: undelivered TRANSACTION_ERROR: 29189
[ 46.727329] __x64_sys_ioctl+0x73/0xb0
[ 46.727345] do_syscall_64+0x103/0x610
executing program
executing program
executing program
executing program
executing program
executing program
[ 46.727359] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.727371] RIP: 0033:0x445689
[ 46.733996] binder: undelivered TRANSACTION_ERROR: 29189
[ 46.736517] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b cd fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 46.736540] RSP: 002b:00007ffdb4992d48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 46.736567] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000445689
executing program
executing program
[ 46.736577] RDX: 00000000200003c0 RSI: 00000000c0306201 RDI: 0000000000000003
[ 46.743483] binder: 7744:7744 transaction failed 29189/-22, size 0-8 line 2994
[ 46.746226] RBP: 0000000000000000 R08: 0000000000000004 R09: 00000000004028b0
[ 46.746233] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000402820
[ 46.746241] R13: 00000000004028b0 R14: 0000000000000000 R15: 0000000000000000
[ 46.746257] Modules linked in:
[ 46.750898] binder: undelivered TRANSACTION_ERROR: 29189
[ 46.760334] binder_alloc: 7744: binder_alloc_buf failed to map pages in userspace, no vma
executing program
executing program
executing program
executing program
[ 46.770616] ---[ end trace 7dfebed76bcb4a68 ]---
[ 46.775336] binder: 7743:7743 transaction failed 29189/-22, size 0-8 line 2994
[ 46.781331] binder: 7747:7747 transaction failed 29189/-22, size 0-8 line 2994
[ 46.786830] binder: undelivered TRANSACTION_ERROR: 29189
[ 46.791008] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 46.797759] binder_alloc: 7744: binder_alloc_buf, no vma
[ 46.802537] binder: undelivered TRANSACTION_ERROR: 29189
[ 46.806013] binder: BINDER_SET_CONTEXT_MGR already set
executing program
executing program
executing program
[ 46.809735] binder_alloc: 7744: binder_alloc_buf, no vma
[ 46.819539] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 7f 96 26 fc 4c 89 e6 4c 89 ef e8 94 97 26 fc 4d 39 e5 76 07 e8 6a 96 26 fc <0f> 0b e8 63 96 26 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 71
[ 46.823457] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.829087] RSP: 0018:ffff888096da7550 EFLAGS: 00010293
[ 46.831925] binder: 7746:7746 ioctl 40046207 0 returned -16
[ 46.837029] RAX: ffff8880a8704280 RBX: 0000000020004000 RCX: ffffffff8549bf8c
[ 46.842055] binder: 7745:7745 ioctl 40046207 0 returned -16
[ 46.845961] RDX: 0000000000000000 RSI: ffffffff8549bf96 RDI: 0000000000000006
[ 46.852056] binder_alloc: 7742: binder_alloc_buf, no vma
[ 46.867269] RBP: ffff888096da75d0 R08: ffff8880a8704280 R09: 0000000000000028
[ 46.879581] binder_alloc: 7748: binder_alloc_buf failed to map pages in userspace, no vma
[ 46.884662] binder_alloc: 7742: binder_alloc_buf, no vma
[ 46.891906] binder_alloc: 7748: binder_alloc_buf, no vma
[ 46.903045] R10: ffffed1012db4f01 R11: ffff888096da780f R12: 0000000000000008
[ 46.911482] binder: BINDER_SET_CONTEXT_MGR already set
[ 46.933768] R13: 0000000000000028 R14: ffff8880915ab8d0 R15: 0000000000000000
[ 46.940205] binder_alloc: 7756: binder_alloc_buf, no vma
[ 46.947108] FS: 000000000096c940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 46.953119] binder_alloc: 7757: binder_alloc_buf, no vma
[ 46.958840] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 46.967944] binder: 7750:7750 ioctl 40046207 0 returned -16
[ 46.974812] binder_alloc: 7759: binder_alloc_buf failed to map pages in userspace, no vma
[ 46.981316] binder_alloc: 7756: binder_alloc_buf, no vma
[ 46.983808] CR2: 00000000006d0090 CR3: 000000009332e000 CR4: 00000000001406f0
[ 46.994670] binder_alloc: 7758: binder_alloc_buf failed to map pages in userspace, no vma
[ 46.998950] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.009659] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 47.012536] binder: 7760:7760 ioctl 40046207 0 returned -16
[ 47.023602] binder_alloc: 7763: binder_alloc_buf failed to map pages in userspace, no vma
[ 47.041073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 47.049011] binder: BINDER_SET_CONTEXT_MGR already set
[ 47.055381] Kernel panic - not syncing: Fatal exception
[ 47.071233] binder: 7765:7765 ioctl 40046207 0 returned -16
[ 47.075351] Kernel Offset: disabled
[ 47.271558] Rebooting in 86400 seconds..