[ 25.047817] audit: type=1800 audit(1560817801.372:23): pid=6815 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rsyslog" dev="sda1" ino=2442 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 47.540048] IPVS: ftp: loaded support on port[0] = 21
[ 47.967696] can: request_module (can-proto-0) failed.
[ 48.904399] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
2019/06/18 00:30:33 parsed 1 programs
2019/06/18 00:30:33 executed programs: 0
[ 57.399891] IPVS: ftp: loaded support on port[0] = 21
[ 57.409605] IPVS: ftp: loaded support on port[0] = 21
[ 57.422153] IPVS: ftp: loaded support on port[0] = 21
[ 57.424203] IPVS: ftp: loaded support on port[0] = 21
[ 57.429685] IPVS: ftp: loaded support on port[0] = 21
[ 57.457080] IPVS: ftp: loaded support on port[0] = 21
[ 57.635879] chnl_net:caif_netlink_parms(): no params data found
[ 57.730257] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.737027] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.744429] device bridge_slave_0 entered promiscuous mode
[ 57.753683] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.760078] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.766877] device bridge_slave_1 entered promiscuous mode
[ 57.796656] chnl_net:caif_netlink_parms(): no params data found
[ 57.812002] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 57.819740] chnl_net:caif_netlink_parms(): no params data found
[ 57.831907] chnl_net:caif_netlink_parms(): no params data found
[ 57.855239] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 57.917206] team0: Port device team_slave_0 added
[ 57.925719] team0: Port device team_slave_1 added
[ 57.949813] chnl_net:caif_netlink_parms(): no params data found
[ 57.962519] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.969258] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.976149] device bridge_slave_0 entered promiscuous mode
[ 57.983022] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.989418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.996506] device bridge_slave_1 entered promiscuous mode
[ 58.050633] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.056998] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.064054] device bridge_slave_0 entered promiscuous mode
[ 58.072832] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.079909] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.086695] device bridge_slave_0 entered promiscuous mode
[ 58.094940] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 58.105812] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 58.118729] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.125142] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.132794] device bridge_slave_1 entered promiscuous mode
[ 58.147297] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.156129] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.163553] device bridge_slave_1 entered promiscuous mode
[ 58.170073] chnl_net:caif_netlink_parms(): no params data found
[ 58.240374] device hsr_slave_0 entered promiscuous mode
[ 58.287851] device hsr_slave_1 entered promiscuous mode
[ 58.351149] team0: Port device team_slave_0 added
[ 58.363802] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 58.372638] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 58.390648] team0: Port device team_slave_1 added
[ 58.414930] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 58.429411] team0: Port device team_slave_0 added
[ 58.435297] team0: Port device team_slave_1 added
[ 58.445693] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.452592] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.459560] device bridge_slave_0 entered promiscuous mode
[ 58.470830] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.477173] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.484350] device bridge_slave_1 entered promiscuous mode
[ 58.491334] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 58.511856] team0: Port device team_slave_0 added
[ 58.589150] device hsr_slave_0 entered promiscuous mode
[ 58.637848] device hsr_slave_1 entered promiscuous mode
[ 58.705194] team0: Port device team_slave_1 added
[ 58.725316] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.732120] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.739766] device bridge_slave_0 entered promiscuous mode
[ 58.747364] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 58.758307] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 58.830139] device hsr_slave_0 entered promiscuous mode
[ 58.897821] device hsr_slave_1 entered promiscuous mode
[ 58.948275] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.954675] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.962392] device bridge_slave_1 entered promiscuous mode
[ 59.001411] team0: Port device team_slave_0 added
[ 59.012258] team0: Port device team_slave_1 added
[ 59.060342] device hsr_slave_0 entered promiscuous mode
[ 59.098099] device hsr_slave_1 entered promiscuous mode
[ 59.141516] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 59.150659] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 59.176775] team0: Port device team_slave_0 added
[ 59.198995] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.229705] team0: Port device team_slave_1 added
[ 59.252112] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.299573] device hsr_slave_0 entered promiscuous mode
[ 59.357945] device hsr_slave_1 entered promiscuous mode
[ 59.481288] device hsr_slave_0 entered promiscuous mode
[ 59.528539] device hsr_slave_1 entered promiscuous mode
[ 59.599176] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 59.607033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 59.615850] 8021q: adding VLAN 0 to HW filter on device team0
[ 59.630116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 59.636936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 59.653214] 8021q: adding VLAN 0 to HW filter on device team0
[ 59.692448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 59.700530] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 59.708733] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.715252] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.722711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 59.731598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 59.739236] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.745597] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.752410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 59.760499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 59.769145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 59.789264] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 59.799343] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 59.819666] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.826861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 59.835075] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 59.842941] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.849326] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.856345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 59.864231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 59.871676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 59.879513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 59.886997] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.893361] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.900328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 59.908182] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 59.915548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 59.923175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 59.930866] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 59.938809] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 59.946302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 59.953774] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 59.961227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 59.968980] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 59.976735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 59.984082] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 59.991034] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 59.998010] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 60.023349] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.035372] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.042171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 60.050172] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 60.080944] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.105355] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 60.120492] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 60.141505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 60.149823] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 60.157206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 60.165976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 60.173725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 60.180811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.187913] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 60.203524] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.218673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 60.225589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.236597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 60.243543] ------------[ cut here ]------------
[ 60.243549] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 60.243570] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 60.243578] CPU: 1 PID: 7077 Comm: syz-executor.4 Not tainted 5.0.0-rc6+ #1
[ 60.243580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.243593] RIP: 0010:binder_alloc_do_buffer_copy+0xae/0x420
[ 60.243599] Code: 24 58 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 3a 03 00 00 49 8b 44 24 58 48 29 d8 49 39 c5 76 02 <0f> 0b 4c 29 e8 49 39 c7 77 f6 41 f6 c7 03 75 f0 48 8b 45 b8 48 8d
[ 60.243602] RSP: 0018:ffff88809a98f398 EFLAGS: 00010202
[ 60.243607] RAX: 0000000000000078 RBX: 0000000020001000 RCX: 00000000000000e8
[ 60.243610] RDX: 1ffff110148ffe3b RSI: 0000000000000000 RDI: ffff8880a47ff1d8
[ 60.243613] RBP: ffff88809a98f410 R08: ffff88809a98f458 R09: 0000000000000008
[ 60.243616] R10: ffffed1013531f0c R11: ffff88809a98f867 R12: ffff8880a47ff180
[ 60.243619] R13: 0000000000000008 R14: ffff8880984d78d0 R15: 00000000000000e8
[ 60.243623] FS: 00007f736a776700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
[ 60.243626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.243629] CR2: 0000000000000000 CR3: 0000000086eb9000 CR4: 00000000001406e0
[ 60.243636] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 60.243639] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.243641] Call Trace:
[ 60.243652] ? memcpy+0x45/0x50
[ 60.243659] binder_alloc_copy_from_buffer+0x11/0x13
[ 60.243666] binder_validate_ptr+0x98/0x160
[ 60.243670] ? binder_get_object+0x170/0x170
[ 60.243676] ? binder_alloc_copy_from_buffer+0x11/0x13
[ 60.243683] binder_transaction+0x2d8d/0x51d0
[ 60.243698] ? binder_deferred_func+0xc90/0xc90
[ 60.243707] ? __lock_acquire+0x5d6/0x4760
[ 60.243712] ? __lock_acquire+0x5d6/0x4760
[ 60.243720] ? mark_held_locks+0x130/0x130
[ 60.243731] ? find_held_lock+0x36/0x1d0
[ 60.243743] ? kasan_check_write+0x14/0x20
[ 60.243750] binder_thread_write+0x504/0x1ee0
[ 60.243754] ? find_held_lock+0x36/0x1d0
[ 60.243761] ? binder_transaction+0x51d0/0x51d0
[ 60.243764] ? find_held_lock+0x36/0x1d0
[ 60.243777] ? kasan_check_write+0x14/0x20
[ 60.243783] binder_ioctl+0xc96/0x1349
[ 60.243789] ? binder_thread_write+0x1ee0/0x1ee0
[ 60.243795] ? mark_held_locks+0x130/0x130
[ 60.243799] ? mark_held_locks+0x130/0x130
[ 60.243805] ? mark_held_locks+0x130/0x130
[ 60.243811] ? vm_mmap_pgoff+0x1a8/0x210
[ 60.243815] ? lock_downgrade+0x7f0/0x7f0
[ 60.243825] do_vfs_ioctl+0x196/0x10c0
[ 60.243829] ? lock_downgrade+0x7f0/0x7f0
[ 60.243834] ? ioctl_preallocate+0x1c0/0x1c0
[ 60.243840] ? __fget+0x295/0x400
[ 60.243846] ? ksys_dup3+0x2e0/0x2e0
[ 60.243851] ? put_timespec64+0xa9/0x100
[ 60.243854] ? nsecs_to_jiffies+0x20/0x20
[ 60.243860] ? __fget_light+0x174/0x1e0
[ 60.243864] ksys_ioctl+0x62/0x90
[ 60.243867] ? lockdep_hardirqs_on+0x421/0x5c0
[ 60.243871] __x64_sys_ioctl+0x6e/0xb0
[ 60.243879] do_syscall_64+0xd0/0x4d0
[ 60.243886] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.243891] RIP: 0033:0x4592c9
[ 60.243896] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 60.243899] RSP: 002b:00007f736a775c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 60.243903] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004592c9
[ 60.243906] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003
[ 60.243909] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 60.243912] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f736a7766d4
[ 60.243915] R13: 00000000004c078e R14: 00000000004d3248 R15: 00000000ffffffff
[ 60.243923] Modules linked in:
[ 60.243979] ---[ end trace a3d0881f917d39f9 ]---
[ 60.256912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.262449] RIP: 0010:binder_alloc_do_buffer_copy+0xae/0x420
[ 60.269822] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.277570] Code: 24 58 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 3a 03 00 00 49 8b 44 24 58 48 29 d8 49 39 c5 76 02 <0f> 0b 4c 29 e8 49 39 c7 77 f6 41 f6 c7 03 75 f0 48 8b 45 b8 48 8d
[ 60.286937] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.339377] RSP: 0018:ffff88809a98f398 EFLAGS: 00010202
[ 60.345827] kobject: 'vlan0' (0000000082f674f9): kobject_add_internal: parent: 'mesh', set: ''
[ 60.367567] RAX: 0000000000000078 RBX: 0000000020001000 RCX: 00000000000000e8
[ 60.678894] RDX: 1ffff110148ffe3b RSI: 0000000000000000 RDI: ffff8880a47ff1d8
[ 60.684181] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.686806] RBP: ffff88809a98f410 R08: ffff88809a98f458 R09: 0000000000000008
[ 60.698995] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.708028] R10: ffffed1013531f0c R11: ffff88809a98f867 R12: ffff8880a47ff180
[ 60.715428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 60.717723] kobject: 'loop5' (00000000a9d0e89c): kobject_uevent_env
[ 60.723673] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.736543] R13: 0000000000000008 R14: ffff8880984d78d0 R15: 00000000000000e8
[ 60.740673] kobject: 'loop5' (00000000a9d0e89c): fill_kobj_path: path = '/devices/virtual/block/loop5'
[ 60.747811] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.755277] FS: 00007f736a776700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
[ 60.759627] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.760293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 60.777194] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.782414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 60.790828] CR2: 00000000004e77a0 CR3: 0000000086eb9000 CR4: 00000000001406f0
[ 60.795881] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.802899] binder: BINDER_SET_CONTEXT_MGR already set
[ 60.809081] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.816438] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 60.821184] binder: 7078:7079 ioctl 40046207 0 returned -16
[ 60.828357] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.834513] ------------[ cut here ]------------
[ 60.843664] Kernel panic - not syncing: Fatal exception
[ 60.846089] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 60.858487] Kernel Offset: disabled
[ 60.862202] Rebooting in 86400 seconds..