[ ok ] Starting enhanced syslogd: rsyslogd.
[ 59.660162][ T27] audit: type=1800 audit(1560810910.707:25): pid=8761 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 59.703522][ T27] audit: type=1800 audit(1560810910.707:26): pid=8761 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 59.730348][ T27] audit: type=1800 audit(1560810910.717:27): pid=8761 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 72.098190][ T8916] ------------[ cut here ]------------
[ 72.103682][ T8916] kernel BUG at drivers/android/binder_alloc.c:1130!
[ 72.110678][ T8916] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 72.116751][ T8916] CPU: 1 PID: 8916 Comm: syz-executor297 Not tainted 5.2.0-rc5 #28
[ 72.124716][ T8916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.134785][ T8916] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 72.141281][ T8916] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 bf 9d 1c fc 4c 89 e6 4c 89 ef e8 d4 9e 1c fc 4d 39 e5 76 07 e8 aa 9d 1c fc <0f> 0b e8 a3 9d 1c fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 b1
[ 72.160892][ T8916] RSP: 0018:ffff88808738f668 EFLAGS: 00010293
[ 72.166939][ T8916] RAX: ffff88808ba54400 RBX: 0000000020001000 RCX: ffffffff855423cf
[ 72.174909][ T8916] RDX: 0000000000000000 RSI: ffffffff855423b6 RDI: 0000000000000006
[ 72.182860][ T8916] RBP: ffff88808738f6e8 R08: ffff88808ba54400 R09: 0000000000000008
[ 72.190840][ T8916] R10: ffffed1010e71f46 R11: ffff88808738fa37 R12: 0000000000000058
[ 72.198806][ T8916] R13: 0000000000000008 R14: 0000000000000070 R15: 0000000000000000
[ 72.206760][ T8916] FS: 0000000000000000(0000) GS:ffff8880ae900000(0063) knlGS:0000000057b09900
[ 72.215679][ T8916] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 72.222245][ T8916] CR2: 0000000000000000 CR3: 00000000a8413000 CR4: 00000000001406e0
[ 72.230367][ T8916] Call Trace:
[ 72.233639][ T8916] ? find_held_lock+0x35/0x130
[ 72.238411][ T8916] binder_alloc_copy_from_buffer+0x37/0x42
[ 72.244313][ T8916] binder_validate_ptr+0xcc/0x1d0
[ 72.249510][ T8916] ? binder_get_object+0x210/0x210
[ 72.254637][ T8916] ? binder_alloc_copy_from_buffer+0x37/0x42
[ 72.260609][ T8916] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 72.266482][ T8916] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 72.272818][ T8916] ? binder_get_object+0x181/0x210
[ 72.277941][ T8916] binder_transaction+0x2c9c/0x6620
[ 72.283241][ T8916] ? binder_thread_read+0x3d00/0x3d00
[ 72.288608][ T8916] ? mark_held_locks+0xf0/0xf0
[ 72.293421][ T8916] ? save_stack+0x23/0x90
[ 72.297749][ T8916] ? __might_fault+0x12b/0x1e0
[ 72.302517][ T8916] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 72.308744][ T8916] ? _copy_from_user+0xdd/0x150
[ 72.313622][ T8916] binder_thread_write+0x64a/0x2820
[ 72.318825][ T8916] ? mark_held_locks+0xf0/0xf0
[ 72.323571][ T8916] ? binder_transaction+0x6620/0x6620
[ 72.328925][ T8916] ? __might_fault+0x12b/0x1e0
[ 72.333701][ T8916] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 72.339954][ T8916] ? _copy_from_user+0xdd/0x150
[ 72.344808][ T8916] binder_ioctl+0x102f/0x1833
[ 72.349469][ T8916] ? binder_thread_write+0x2820/0x2820
[ 72.354913][ T8916] ? vma_is_stack_for_current+0xd0/0xd0
[ 72.360460][ T8916] ? ksys_dup3+0x3e0/0x3e0
[ 72.364881][ T8916] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 72.371128][ T8916] ? fput_many+0x12c/0x1a0
[ 72.376138][ T8916] ? fput+0x1b/0x20
[ 72.379930][ T8916] ? tomoyo_file_ioctl+0x23/0x30
[ 72.384850][ T8916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 72.391068][ T8916] ? security_file_ioctl+0x8d/0xc0
[ 72.396160][ T8916] ? binder_thread_write+0x2820/0x2820
[ 72.401626][ T8916] __ia32_compat_sys_ioctl+0x195/0x620
[ 72.407079][ T8916] do_fast_syscall_32+0x27b/0xd7d
[ 72.412117][ T8916] entry_SYSENTER_compat+0x70/0x7f
[ 72.417211][ T8916] RIP: 0023:0xf7f7a849
[ 72.421263][ T8916] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 72.440862][ T8916] RSP: 002b:00000000ff9824bc EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 72.449275][ T8916] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[ 72.457228][ T8916] RDX: 0000000020000440 RSI: 0000000008049250 RDI: 0000000000000000
[ 72.465264][ T8916] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 72.473230][ T8916] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 72.481200][ T8916] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 72.489154][ T8916] Modules linked in:
[ 72.493929][ T8916] ---[ end trace d259bd5681b25659 ]---
[ 72.499453][ T8916] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 72.505968][ T8916] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 bf 9d 1c fc 4c 89 e6 4c 89 ef e8 d4 9e 1c fc 4d 39 e5 76 07 e8 aa 9d 1c fc <0f> 0b e8 a3 9d 1c fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 b1
[ 72.525688][ T8916] RSP: 0018:ffff88808738f668 EFLAGS: 00010293
[ 72.531797][ T8916] RAX: ffff88808ba54400 RBX: 0000000020001000 RCX: ffffffff855423cf
[ 72.539807][ T8916] RDX: 0000000000000000 RSI: ffffffff855423b6 RDI: 0000000000000006
[ 72.547781][ T8916] RBP: ffff88808738f6e8 R08: ffff88808ba54400 R09: 0000000000000008
[ 72.555770][ T8916] R10: ffffed1010e71f46 R11: ffff88808738fa37 R12: 0000000000000058
[ 72.563766][ T8916] R13: 0000000000000008 R14: 0000000000000070 R15: 0000000000000000
[ 72.571764][ T8916] FS: 0000000000000000(0000) GS:ffff8880ae900000(0063) knlGS:0000000057b09900
[ 72.580705][ T8916] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 72.587270][ T8916] CR2: 0000000000000000 CR3: 00000000a8413000 CR4: 00000000001406e0
[ 72.595810][ T8916] Kernel panic - not syncing: Fatal exception
[ 72.602723][ T8916] Kernel Offset: disabled
[ 72.607043][ T8916] Rebooting in 86400 seconds..