[ 34.737236][ T26] audit: type=1800 audit(1553659638.364:27): pid=7395 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 34.757539][ T26] audit: type=1800 audit(1553659638.394:28): pid=7395 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 35.527602][ T26] audit: type=1800 audit(1553659639.224:29): pid=7395 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 35.547894][ T26] audit: type=1800 audit(1553659639.224:30): pid=7395 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.152' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 42.739631][ T7547] ------------[ cut here ]------------
[ 42.745124][ T7547] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 42.751905][ T7547] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 42.757996][ T7547] CPU: 1 PID: 7547 Comm: syz-executor703 Not tainted 5.1.0-rc2+ #38
[ 42.765943][ T7547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.775995][ T7547] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 42.782488][ T7547] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 ff f7 23 fc 4c 89 e6 4c 89 ef e8 14 f9 23 fc 4d 39 e5 76 07 e8 ea f7 23 fc <0f> 0b e8 e3 f7 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 f1
[ 42.802083][ T7547] RSP: 0018:ffff88808b797550 EFLAGS: 00010293
[ 42.808125][ T7547] RAX: ffff88808ecae340 RBX: 0000000020001000 RCX: ffffffff854c798c
[ 42.816072][ T7547] RDX: 0000000000000000 RSI: ffffffff854c7996 RDI: 0000000000000006
[ 42.824020][ T7547] RBP: ffff88808b7975d0 R08: ffff88808ecae340 R09: 0000000000000028
[ 42.831976][ T7547] R10: ffffed10116f2f01 R11: ffff88808b79780f R12: 0000000000000008
[ 42.839922][ T7547] R13: 0000000000000028 R14: ffff888098054b10 R15: 0000000000000000
[ 42.847869][ T7547] FS: 0000000000867940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 42.856786][ T7547] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.863344][ T7547] CR2: 0000000000000000 CR3: 000000008e7fc000 CR4: 00000000001406e0
[ 42.872183][ T7547] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.884406][ T7547] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.892359][ T7547] Call Trace:
[ 42.895629][ T7547] ? memcpy+0x46/0x50
[ 42.899586][ T7547] binder_alloc_copy_from_buffer+0x37/0x42
[ 42.905366][ T7547] binder_get_object+0xc3/0x200
[ 42.910193][ T7547] binder_transaction+0x2b4a/0x6690
[ 42.915373][ T7547] ? binder_thread_read+0x3d50/0x3d50
[ 42.920722][ T7547] ? __lock_acquire+0x548/0x3fb0
[ 42.925644][ T7547] ? __might_fault+0x12b/0x1e0
[ 42.930387][ T7547] ? lock_downgrade+0x880/0x880
[ 42.935218][ T7547] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.941454][ T7547] ? _copy_from_user+0xdd/0x150
[ 42.946292][ T7547] binder_thread_write+0x64a/0x2820
[ 42.951477][ T7547] ? binder_transaction+0x6690/0x6690
[ 42.956836][ T7547] ? __might_fault+0x12b/0x1e0
[ 42.961584][ T7547] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.967804][ T7547] ? _copy_from_user+0xdd/0x150
[ 42.972638][ T7547] binder_ioctl+0x1033/0x183b
[ 42.977297][ T7547] ? binder_thread_write+0x2820/0x2820
[ 42.982728][ T7547] ? tomoyo_path_number_perm+0x263/0x520
[ 42.988343][ T7547] ? userfaultfd_unmap_complete+0x293/0x400
[ 42.994213][ T7547] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 43.000019][ T7547] ? userfaultfd_unmap_prep+0x4a0/0x4a0
[ 43.005549][ T7547] ? binder_thread_write+0x2820/0x2820
[ 43.010989][ T7547] do_vfs_ioctl+0xd6e/0x1390
[ 43.015559][ T7547] ? ioctl_preallocate+0x210/0x210
[ 43.020646][ T7547] ? vma_is_stack_for_current+0xd0/0xd0
[ 43.026182][ T7547] ? ksys_dup3+0x3e0/0x3e0
[ 43.030573][ T7547] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 43.036798][ T7547] ? fput_many+0x12c/0x1a0
[ 43.041188][ T7547] ? fput+0x1b/0x20
[ 43.044977][ T7547] ? tomoyo_file_ioctl+0x23/0x30
[ 43.049891][ T7547] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.056109][ T7547] ? security_file_ioctl+0x93/0xc0
[ 43.064213][ T7547] ksys_ioctl+0xab/0xd0
[ 43.068347][ T7547] __x64_sys_ioctl+0x73/0xb0
[ 43.072930][ T7547] do_syscall_64+0x103/0x610
[ 43.077497][ T7547] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.083370][ T7547] RIP: 0033:0x444549
[ 43.087257][ T7547] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 43.107035][ T7547] RSP: 002b:00007ffdc5a7c2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 43.115437][ T7547] RAX: ffffffffffffffda RBX: 00007ffdc5a7c2d0 RCX: 0000000000444549
[ 43.123399][ T7547] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003
[ 43.131346][ T7547] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000400e10
[ 43.139291][ T7547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402250
[ 43.147239][ T7547] R13: 00000000004022e0 R14: 0000000000000000 R15: 0000000000000000
[ 43.155204][ T7547] Modules linked in:
[ 43.159439][ T7547] ---[ end trace 1b12ac8443828c38 ]---
[ 43.164946][ T7547] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 43.171821][ T7547] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 ff f7 23 fc 4c 89 e6 4c 89 ef e8 14 f9 23 fc 4d 39 e5 76 07 e8 ea f7 23 fc <0f> 0b e8 e3 f7 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 f1
[ 43.191480][ T7547] RSP: 0018:ffff88808b797550 EFLAGS: 00010293
[ 43.197526][ T7547] RAX: ffff88808ecae340 RBX: 0000000020001000 RCX: ffffffff854c798c
[ 43.205504][ T7547] RDX: 0000000000000000 RSI: ffffffff854c7996 RDI: 0000000000000006
[ 43.213490][ T7547] RBP: ffff88808b7975d0 R08: ffff88808ecae340 R09: 0000000000000028
[ 43.221502][ T7547] R10: ffffed10116f2f01 R11: ffff88808b79780f R12: 0000000000000008
[ 43.229484][ T7547] R13: 0000000000000028 R14: ffff888098054b10 R15: 0000000000000000
[ 43.237478][ T7547] FS: 0000000000867940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 43.246436][ T7547] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.253036][ T7547] CR2: 0000000000000000 CR3: 000000008e7fc000 CR4: 00000000001406e0
[ 43.261000][ T7547] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.268989][ T7547] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.276988][ T7547] Kernel panic - not syncing: Fatal exception
[ 43.283742][ T7547] Kernel Offset: disabled
[ 43.288075][ T7547] Rebooting in 86400 seconds..