[   36.852686] audit: type=1800 audit(1551966480.042:30): pid=7545 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   53.883135] binder: BINDER_SET_CONTEXT_MGR already set
[   53.890977] binder: 7706:7709 ioctl 40046207 0 returned -16
[   53.890981] binder: BINDER_SET_CONTEXT_MGR already set
[   53.902268] binder: 7707:7712 ioctl 40046207 0 returned -16
[   53.902305] binder: BINDER_SET_CONTEXT_MGR already set
[   53.913519] binder: 7705:7713 ioctl 40046207 0 returned -16
[   53.913627] binder: BINDER_SET_CONTEXT_MGR already set
[   53.924574] binder: 7699:7714 ioctl 40046207 0 returned -16
[   53.924593] binder: BINDER_SET_CONTEXT_MGR already set
[   53.935751] binder: BINDER_SET_CONTEXT_MGR already set
[   53.936948] binder: 7708:7711 ioctl 40046207 0 returned -16
[   53.941401] binder: BINDER_SET_CONTEXT_MGR already set
[   53.948335] binder: 7706:7716 ioctl 40046207 0 returned -16
[   53.952445] binder: BINDER_SET_CONTEXT_MGR already set
[   53.963305] binder: 7707:7717 ioctl 40046207 0 returned -16
[   53.963310] binder: BINDER_SET_CONTEXT_MGR already set
[   53.963339] binder: 7705:7718 ioctl 40046207 0 returned -16
[   53.969271] binder_alloc: 7699: binder_alloc_buf, no vma
[   53.974634] binder: BINDER_SET_CONTEXT_MGR already set
[   53.980290] binder: 7710:7715 ioctl 40046207 0 returned -16
[   53.986439] binder: 7708:7719 ioctl 40046207 0 returned -16
[   53.991105] binder_alloc: 7699: binder_alloc_buf, no vma
[   54.008134] binder: 7699:7703 transaction failed 29189/-3, size 0-32 line 3147
[   54.008945] binder_alloc: 7699: binder_alloc_buf, no vma
[   54.016102] binder: BINDER_SET_CONTEXT_MGR already set
[   54.021679] binder: 7706:7709 transaction failed 29189/-3, size 0-32 line 3147
[   54.028231] binder: undelivered TRANSACTION_ERROR: 29189
[   54.033950] binder_alloc: 7699: binder_alloc_buf, no vma
[   54.039518] binder: 7710:7721 ioctl 40046207 0 returned -16
[   54.045397] binder_alloc: 7699: binder_alloc_buf, no vma
[   54.052571] binder: 7710:7715 transaction failed 29189/-22, size 0-32 line 2994
[   54.056816] binder: 7708:7711 transaction failed 29189/-3, size 0-32 line 3147
[   54.063939] binder: 7707:7712 transaction failed 29189/-3, size 0-32 line 3147
executing program
executing program
executing program
executing program
executing program
executing program
[   54.072053] binder: 7705:7713 transaction failed 29189/-3, size 0-32 line 3147
[   54.079608] binder: undelivered TRANSACTION_ERROR: 29189
[   54.091388] binder: BINDER_SET_CONTEXT_MGR already set
[   54.102022] binder: 7722:7724 ioctl 40046207 0 returned -16
[   54.102300] binder: undelivered TRANSACTION_ERROR: 29189
[   54.109266] binder: BINDER_SET_CONTEXT_MGR already set
[   54.119283] binder: 7726:7729 ioctl 40046207 0 returned -16
[   54.119640] binder: BINDER_SET_CONTEXT_MGR already set
[   54.130640] binder: 7725:7727 ioctl 40046207 0 returned -16
[   54.130700] binder: BINDER_SET_CONTEXT_MGR already set
[   54.142301] binder: 7728:7730 ioctl 40046207 0 returned -16
[   54.142626] binder: undelivered TRANSACTION_ERROR: 29189
[   54.148109] binder_alloc: 7722: binder_alloc_buf, no vma
[   54.153957] binder: undelivered TRANSACTION_ERROR: 29189
[   54.159247] binder: BINDER_SET_CONTEXT_MGR already set
[   54.166138] binder: 7722:7723 transaction failed 29189/-3, size 0-32 line 3147
[   54.170760] binder: BINDER_SET_CONTEXT_MGR already set
executing program
[   54.177740] binder: 7726:7734 ioctl 40046207 0 returned -16
[   54.183486] binder: BINDER_SET_CONTEXT_MGR already set
[   54.193938] binder: 7732:7735 ioctl 40046207 0 returned -16
[   54.195440] binder: 7731:7733 ioctl 40046207 0 returned -16
[   54.199750] binder: BINDER_SET_CONTEXT_MGR already set
[   54.210971] binder: BINDER_SET_CONTEXT_MGR already set
[   54.216603] binder: 7725:7736 ioctl 40046207 0 returned -16
[   54.217160] binder_alloc: 7722: binder_alloc_buf, no vma
[   54.228214] binder: BINDER_SET_CONTEXT_MGR already set
[   54.233630] binder: 7728:7738 ioctl 40046207 0 returned -16
[   54.234374] binder: BINDER_SET_CONTEXT_MGR already set
[   54.239486] binder_alloc: 7722: binder_alloc_buf, no vma
[   54.239513] binder: 7725:7727 transaction failed 29189/-3, size 0-32 line 3147
[   54.245229] binder: 7731:7742 ioctl 40046207 0 returned -16
[   54.250245] binder_alloc: 7722: binder_alloc_buf, no vma
[   54.250265] binder: 7728:7730 transaction failed 29189/-3, size 0-32 line 3147
[   54.250316] binder: 7726:7729 transaction failed 29189/-3, size 0-32 line 3147
executing program
executing program
executing program
executing program
executing program
[   54.259309] binder: 7741:7743 ioctl 40046207 0 returned -16
[   54.265345] binder: undelivered TRANSACTION_ERROR: 29189
[   54.269883] binder_alloc: 7722: binder_alloc_buf, no vma
[   54.276466] binder: BINDER_SET_CONTEXT_MGR already set
[   54.276492] binder: 7732:7744 ioctl 40046207 0 returned -16
[   54.276596] binder: undelivered TRANSACTION_ERROR: 29189
[   54.289008] binder: BINDER_SET_CONTEXT_MGR already set
[   54.324062] binder: BINDER_SET_CONTEXT_MGR already set
[   54.328520] binder: 7741:7745 ioctl 40046207 0 returned -16
executing program
[   54.330640] binder: 7747:7749 ioctl 40046207 0 returned -16
[   54.335140] binder: undelivered TRANSACTION_ERROR: 29189
[   54.342607] binder: BINDER_SET_CONTEXT_MGR already set
[   54.352459] binder: 7747:7756 ioctl 40046207 0 returned -16
[   54.353700] binder: BINDER_SET_CONTEXT_MGR already set
[   54.366967] binder: BINDER_SET_CONTEXT_MGR already set
[   54.369502] binder: 7746:7748 ioctl 40046207 0 returned -16
[   54.372779] binder: BINDER_SET_CONTEXT_MGR already set
[   54.378331] binder: 7752:7754 ioctl 40046207 0 returned -16
[   54.383952] binder: undelivered TRANSACTION_ERROR: 29189
[   54.389843] binder: BINDER_SET_CONTEXT_MGR already set
[   54.400348] binder: 7750:7755 ioctl 40046207 0 returned -16
[   54.400513] binder: 7746:7758 ioctl 40046207 0 returned -16
[   54.406241] binder: BINDER_SET_CONTEXT_MGR already set
[   54.417876] binder: BINDER_SET_CONTEXT_MGR already set
[   54.418456] binder: 7751:7753 ioctl 40046207 0 returned -16
[   54.425480] binder: 7757:7759 ioctl 40046207 0 returned -16
executing program
executing program
[   54.429102] binder: undelivered TRANSACTION_ERROR: 29189
[   54.434853] binder: BINDER_SET_CONTEXT_MGR already set
[   54.445703] binder: 7752:7763 ioctl 40046207 0 returned -16
[   54.445841] binder: BINDER_SET_CONTEXT_MGR already set
[   54.456836] binder: 7750:7765 ioctl 40046207 0 returned -16
[   54.459377] ------------[ cut here ]------------
[   54.465509] binder: BINDER_SET_CONTEXT_MGR already set
[   54.467386] kernel BUG at drivers/android/binder_alloc.c:1141!
[   54.478831] binder: 7770:7771 ioctl 40046207 0 returned -16
[   54.478863] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   54.484604] binder: BINDER_SET_CONTEXT_MGR already set
[   54.489937] CPU: 0 PID: 7753 Comm: syz-executor185 Not tainted 5.0.0+ #10
[   54.489942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.489962] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[   54.489971] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[   54.489975] RSP: 0018:ffff8880990f76d8 EFLAGS: 00010293
[   54.489982] RAX: ffff8880a91a0280 RBX: 0000000020001000 RCX: ffffffff8545d12c
[   54.489986] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[   54.489997] RBP: ffff8880990f7758 R08: ffff8880a91a0280 R09: 0000000000000028
[   54.495330] binder: BINDER_SET_CONTEXT_MGR already set
[   54.502165] R10: ffffed101321ef32 R11: ffff8880990f7997 R12: 0000000000000020
[   54.502170] R13: 0000000000000028 R14: ffff88808b463d10 R15: 0000000000000000
[   54.502176] FS:  0000000000000000(0000) GS:ffff8880ae800000(0063) knlGS:00000000f7f49b40
[   54.502181] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   54.502186] CR2: 0000000000000000 CR3: 000000008f28e000 CR4: 00000000001406f0
[   54.502192] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   54.502197] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   54.502205] Call Trace:
[   54.511812] binder: 7766:7768 ioctl 40046207 0 returned -16
[   54.517355]  ? memcpy+0x46/0x50
[   54.517371]  binder_alloc_copy_from_buffer+0x37/0x42
[   54.536616] ------------[ cut here ]------------
[   54.541643]  binder_get_object+0xc3/0x200
[   54.548871] kernel BUG at drivers/android/binder_alloc.c:1141!
[   54.548945] binder: 7757:7769 ioctl 40046207 0 returned -16
[   54.556179]  binder_transaction+0x2b4a/0x6690
[   54.556196]  ? binder_thread_read+0x3d20/0x3d20
[   54.665422]  ? __lock_acquire+0x548/0x3fb0
[   54.669645]  ? __might_fault+0x12b/0x1e0
[   54.673693]  ? lock_downgrade+0x880/0x880
[   54.677829]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   54.683358]  ? _copy_from_user+0xdd/0x150
[   54.687506]  binder_thread_write+0x64a/0x2820
[   54.692002]  ? binder_transaction+0x6690/0x6690
[   54.696661]  ? __might_fault+0x12b/0x1e0
[   54.700720]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   54.706253]  ? _copy_from_user+0xdd/0x150
[   54.710394]  binder_ioctl+0x1033/0x183b
[   54.714376]  ? binder_thread_write+0x2820/0x2820
[   54.719132]  ? __fget+0x367/0x540
[   54.722583]  ? ksys_dup3+0x3e0/0x3e0
[   54.726288]  ? security_file_ioctl+0x93/0xc0
[   54.730694]  ? binder_thread_write+0x2820/0x2820
[   54.735453]  __ia32_compat_sys_ioctl+0x197/0x620
[   54.740210]  do_fast_syscall_32+0x281/0xc98
[   54.744535]  entry_SYSENTER_compat+0x70/0x7f
[   54.748935] RIP: 0023:0xf7f4d869
[   54.752292] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   54.771198] RSP: 002b:00000000f7f4912c EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   54.778960] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0306201
[   54.786222] RDX: 0000000020000400 RSI: 0000000000000000 RDI: 0000000000000000
[   54.793479] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   54.800738] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   54.808011] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   54.815278] Modules linked in:
[   54.818484] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[   54.820211] ------------[ cut here ]------------
[   54.823850] CPU: 1 PID: 7754 Comm: syz-executor185 Tainted: G      D           5.0.0+ #10
[   54.828604] kernel BUG at drivers/android/binder_alloc.c:1141!
[   54.836882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.836910] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[   54.843663] ------------[ cut here ]------------
[   54.852211] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[   54.858124] kernel BUG at drivers/android/binder_alloc.c:1141!
[   54.862846] RSP: 0018:ffff8880a4caf6d8 EFLAGS: 00010293
[   54.893049] RAX: ffff8880a7f522c0 RBX: 0000000020001020 RCX: ffffffff8545d12c
[   54.900294] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[   54.907539] RBP: ffff8880a4caf758 R08: ffff8880a7f522c0 R09: 0000000000000028
[   54.914784] R10: ffffed1014995f32 R11: ffff8880a4caf997 R12: 0000000000000020
[   54.922029] R13: 0000000000000028 R14: ffff88808b463d10 R15: 0000000000000000
[   54.929281] FS:  0000000000000000(0000) GS:ffff8880ae900000(0063) knlGS:00000000f7f49b40
[   54.937486] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   54.943359] CR2: 00000000f7f28db0 CR3: 000000009fda3000 CR4: 00000000001406e0
[   54.950611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   54.957858] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   54.965101] Call Trace:
[   54.967672]  ? memcpy+0x46/0x50
[   54.970936]  binder_alloc_copy_from_buffer+0x37/0x42
[   54.976017]  binder_get_object+0xc3/0x200
[   54.980145]  binder_transaction+0x2b4a/0x6690
[   54.984625]  ? binder_thread_read+0x3d20/0x3d20
[   54.989280]  ? __lock_acquire+0x548/0x3fb0
[   54.993499]  ? __might_fault+0x12b/0x1e0
[   54.997539]  ? lock_downgrade+0x880/0x880
[   55.001764]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   55.007286]  ? _copy_from_user+0xdd/0x150
[   55.011478]  binder_thread_write+0x64a/0x2820
[   55.015965]  ? binder_transaction+0x6690/0x6690
[   55.020611]  ? __might_fault+0x12b/0x1e0
[   55.024655]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   55.030169]  ? _copy_from_user+0xdd/0x150
[   55.034295]  binder_ioctl+0x1033/0x183b
[   55.038248]  ? binder_thread_write+0x2820/0x2820
[   55.042980]  ? __fget+0x367/0x540
[   55.046421]  ? ksys_dup3+0x3e0/0x3e0
[   55.050126]  ? security_file_ioctl+0x93/0xc0
[   55.054512]  ? binder_thread_write+0x2820/0x2820
[   55.059245]  __ia32_compat_sys_ioctl+0x197/0x620
[   55.063985]  do_fast_syscall_32+0x281/0xc98
[   55.068297]  entry_SYSENTER_compat+0x70/0x7f
[   55.072692] RIP: 0023:0xf7f4d869
[   55.076034] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   55.095187] RSP: 002b:00000000f7f4912c EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   55.102934] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0306201
[   55.110187] RDX: 0000000020000400 RSI: 0000000000000000 RDI: 0000000000000000
[   55.117435] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   55.124739] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   55.131993] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   55.139242] Modules linked in:
[   55.142439] invalid opcode: 0000 [#3] PREEMPT SMP KASAN
[   55.143012] ---[ end trace 7f1bc2216782b362 ]---
[   55.147848] CPU: 0 PID: 7759 Comm: syz-executor185 Tainted: G      D           5.0.0+ #10
[   55.147855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   55.147872] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[   55.147882] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[   55.147887] RSP: 0018:ffff8880a571f6d8 EFLAGS: 00010293
[   55.147901] RAX: ffff8880863e4400 RBX: 0000000020001040 RCX: ffffffff8545d12c
[   55.147906] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[   55.147910] RBP: ffff8880a571f758 R08: ffff8880863e4400 R09: 0000000000000028
[   55.147915] R10: ffffed1014ae3f32 R11: ffff8880a571f997 R12: 0000000000000020
[   55.147919] R13: 0000000000000028 R14: ffff88808b463d10 R15: 0000000000000000
[   55.147925] FS:  0000000000000000(0000) GS:ffff8880ae800000(0063) knlGS:00000000f7f49b40
[   55.147930] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   55.147939] CR2: 00000000f7f28db0 CR3: 000000009ec2c000 CR4: 00000000001406f0
[   55.152813] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[   55.161034] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   55.161040] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   55.161044] Call Trace:
[   55.161064]  ? memcpy+0x46/0x50
[   55.161081]  binder_alloc_copy_from_buffer+0x37/0x42
[   55.170461] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[   55.176237]  binder_get_object+0xc3/0x200
[   55.176250]  binder_transaction+0x2b4a/0x6690
[   55.195430] binder_alloc: binder_alloc_mmap_handler: 7770 20001000-20004000 already mapped failed -16
[   55.200520]  ? binder_thread_read+0x3d20/0x3d20
[   55.200534]  ? mark_held_locks+0xf0/0xf0
[   55.207837] binder: BINDER_SET_CONTEXT_MGR already set
[   55.215204]  ? mark_held_locks+0xf0/0xf0
[   55.215221]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[   55.222557] binder: 7770:7774 ioctl 40046207 0 returned -16
[   55.229780]  ? binder_get_thread+0x1db/0x7c0
[   55.229794]  ? lock_downgrade+0x880/0x880
[   55.237069] RSP: 0018:ffff8880990f76d8 EFLAGS: 00010293
[   55.245302]  ? __might_fault+0xfb/0x1e0
[   55.245320]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   55.251525] ------------[ cut here ]------------
[   55.258463]  ? _copy_from_user+0xdd/0x150
[   55.264210] kernel BUG at drivers/android/binder_alloc.c:1141!
[   55.393776]  binder_thread_write+0x64a/0x2820
[   55.398273]  ? binder_transaction+0x6690/0x6690
[   55.402931]  ? kasan_check_write+0x14/0x20
[   55.407150]  ? do_raw_spin_lock+0x12a/0x2e0
[   55.411463]  ? __might_fault+0xfb/0x1e0
[   55.415630]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   55.421157]  ? _copy_from_user+0xdd/0x150
[   55.425308]  binder_ioctl+0x1033/0x183b
[   55.429273]  ? binder_thread_write+0x2820/0x2820
[   55.434143]  ? __fget+0x367/0x540
[   55.437583]  ? ksys_dup3+0x3e0/0x3e0
[   55.441302]  ? security_file_ioctl+0x93/0xc0
[   55.445700]  ? binder_thread_write+0x2820/0x2820
[   55.450460]  __ia32_compat_sys_ioctl+0x197/0x620
[   55.455211]  do_fast_syscall_32+0x281/0xc98
[   55.459526]  entry_SYSENTER_compat+0x70/0x7f
[   55.463921] RIP: 0023:0xf7f4d869
[   55.467272] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   55.489092] RSP: 002b:00000000f7f4912c EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   55.496820] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0306201
[   55.504083] RDX: 0000000020000400 RSI: 0000000000000000 RDI: 0000000000000000
[   55.511404] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   55.518678] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   55.525936] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   55.533199] Modules linked in:
[   55.536405] invalid opcode: 0000 [#4] PREEMPT SMP KASAN
[   55.541792] CPU: 1 PID: 7771 Comm: syz-executor185 Tainted: G      D           5.0.0+ #10
[   55.550085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   55.559471] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[   55.565258] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[   55.584141] RSP: 0018:ffff888087b9f6d8 EFLAGS: 00010293
[   55.589489] RAX: ffff88808b936700 RBX: 0000000020001080 RCX: ffffffff8545d12c
[   55.596739] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[   55.603988] RBP: ffff888087b9f758 R08: ffff88808b936700 R09: 0000000000000028
[   55.611233] R10: ffffed1010f73f32 R11: ffff888087b9f997 R12: 0000000000000020
[   55.618479] R13: 0000000000000028 R14: ffff88808b463d10 R15: 0000000000000000
[   55.625728] FS:  0000000000000000(0000) GS:ffff8880ae900000(0063) knlGS:00000000f7f49b40
[   55.633931] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   55.639788] CR2: 00000000f7f07db0 CR3: 00000000903ef000 CR4: 00000000001406e0
[   55.647034] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   55.654279] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   55.661520] Call Trace:
[   55.664094]  ? memcpy+0x46/0x50
[   55.667372]  binder_alloc_copy_from_buffer+0x37/0x42
[   55.672465]  binder_get_object+0xc3/0x200
[   55.676595]  binder_transaction+0x2b4a/0x6690
[   55.681076]  ? binder_thread_read+0x3d20/0x3d20
[   55.685724]  ? mark_held_locks+0xf0/0xf0
[   55.689770]  ? mark_held_locks+0xf0/0xf0
[   55.693815]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[   55.698913]  ? binder_get_thread+0x1db/0x7c0
[   55.703311]  ? lock_downgrade+0x880/0x880
[   55.707437]  ? __might_fault+0xfb/0x1e0
[   55.711393]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   55.716918]  ? _copy_from_user+0xdd/0x150
[   55.721048]  binder_thread_write+0x64a/0x2820
[   55.725524]  ? trace_hardirqs_on+0x67/0x230
[   55.729827]  ? binder_transaction+0x6690/0x6690
[   55.734474]  ? kasan_check_write+0x14/0x20
[   55.738785]  ? do_raw_spin_lock+0x12a/0x2e0
[   55.743097]  ? __might_fault+0xfb/0x1e0
[   55.747054]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   55.752579]  ? _copy_from_user+0xdd/0x150
[   55.756716]  binder_ioctl+0x1033/0x183b
[   55.760681]  ? binder_thread_write+0x2820/0x2820
[   55.765426]  ? __fget+0x367/0x540
[   55.768871]  ? ksys_dup3+0x3e0/0x3e0
[   55.772589]  ? security_file_ioctl+0x93/0xc0
[   55.776981]  ? binder_thread_write+0x2820/0x2820
[   55.781715]  __ia32_compat_sys_ioctl+0x197/0x620
[   55.786452]  do_fast_syscall_32+0x281/0xc98
[   55.790754]  entry_SYSENTER_compat+0x70/0x7f
[   55.795139] RIP: 0023:0xf7f4d869
[   55.798483] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   55.817361] RSP: 002b:00000000f7f4912c EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   55.825053] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0306201
[   55.832307] RDX: 0000000020000400 RSI: 0000000000000000 RDI: 0000000000000000
[   55.839677] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   55.847016] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   55.854263] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   55.861514] Modules linked in:
[   55.864704] invalid opcode: 0000 [#5] PREEMPT SMP KASAN
[   55.865488] RAX: ffff8880a91a0280 RBX: 0000000020001000 RCX: ffffffff8545d12c
[   55.870101] CPU: 0 PID: 7755 Comm: syz-executor185 Tainted: G      D           5.0.0+ #10
[   55.870108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   55.870126] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[   55.870137] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[   55.877425] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[   55.885707] RSP: 0018:ffff888097f1f6d8 EFLAGS: 00010293
[   55.885717] RAX: ffff8880a7ffa300 RBX: 0000000020001060 RCX: ffffffff8545d12c
[   55.885722] RDX: 0000000000000000 RSI: ffffffff8545d136 RDI: 0000000000000006
[   55.885726] RBP: ffff888097f1f758 R08: ffff8880a7ffa300 R09: 0000000000000028
[   55.885734] R10: ffffed1012fe3f32 R11: ffff888097f1f997 R12: 0000000000000020
[   55.895352] RBP: ffff8880990f7758 R08: ffff8880a91a0280 R09: 0000000000000028
[   55.901013] R13: 0000000000000028 R14: ffff88808b463d10 R15: 0000000000000000
[   55.901024] FS:  0000000000000000(0000) GS:ffff8880ae800000(0063) knlGS:00000000f7f49b40
[   55.901031] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   55.901038] CR2: 00000000f7f27cbc CR3: 000000008b671000 CR4: 00000000001406f0
[   55.901049] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   55.901056] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   55.901062] Call Trace:
[   55.901090]  ? memcpy+0x46/0x50
[   55.901112]  binder_alloc_copy_from_buffer+0x37/0x42
[   55.920182] R10: ffffed101321ef32 R11: ffff8880990f7997 R12: 0000000000000020
[   55.927314]  binder_get_object+0xc3/0x200
[   55.927333]  binder_transaction+0x2b4a/0x6690
[   55.927365]  ? binder_thread_read+0x3d20/0x3d20
[   55.932868] R13: 0000000000000028 R14: ffff88808b463d10 R15: 0000000000000000
[   55.940010]  ? __lock_acquire+0x548/0x3fb0
[   55.940038]  ? __might_fault+0x12b/0x1e0
[   55.940052]  ? lock_downgrade+0x880/0x880
[   55.940076]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   55.947458] FS:  0000000000000000(0000) GS:ffff8880ae900000(0063) knlGS:00000000f7f49b40
[   55.954627]  ? _copy_from_user+0xdd/0x150
[   55.954644]  binder_thread_write+0x64a/0x2820
[   55.954665]  ? binder_transaction+0x6690/0x6690
[   55.954680]  ? __might_fault+0x12b/0x1e0
[   55.954705]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   55.962121] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   55.969255]  ? _copy_from_user+0xdd/0x150
[   55.969274]  binder_ioctl+0x1033/0x183b
[   55.969290]  ? binder_thread_write+0x2820/0x2820
[   55.969305]  ? __fget+0x367/0x540
[   55.969321]  ? ksys_dup3+0x3e0/0x3e0
[   55.976709] CR2: 00000000f7f27cbc CR3: 000000009fda3000 CR4: 00000000001406e0
[   55.984835]  ? security_file_ioctl+0x93/0xc0
[   55.984852]  ? binder_thread_write+0x2820/0x2820
[   55.984869]  __ia32_compat_sys_ioctl+0x197/0x620
[   55.984890]  do_fast_syscall_32+0x281/0xc98
[   55.984920]  entry_SYSENTER_compat+0x70/0x7f
[   55.990956] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   55.998070] RIP: 0023:0xf7f4d869
[   55.998085] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   55.998092] RSP: 002b:00000000f7f4912c EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   55.998104] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0306201
[   55.998110] RDX: 0000000020000400 RSI: 0000000000000000 RDI: 0000000000000000
[   55.998117] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   55.998123] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   55.998129] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   55.998141] Modules linked in:
[   56.005535] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   56.015644] ---[ end trace 7f1bc2216782b363 ]---
[   56.018930] binder: BINDER_SET_CONTEXT_MGR already set
[   56.023936] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[   56.031564] Kernel panic - not syncing: Fatal exception
[   56.037289] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 5f 5a 2a fc 4c 89 e6 4c 89 ef e8 74 5b 2a fc 4d 39 e5 76 07 e8 4a 5a 2a fc <0f> 0b e8 43 5a 2a fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 51
[   56.040701] Kernel Offset: disabled
[   56.284509] Rebooting in 86400 seconds..