[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 11.339243] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 12.477674] random: crng init done Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.83' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 55.322653] audit: type=1400 audit(1560812364.000:5): avc: denied { set_context_mgr } for pid=2067 comm="syz-executor702" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 55.327814] audit: type=1400 audit(1560812364.000:6): avc: denied { call } for pid=2067 comm="syz-executor702" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 55.332721] audit: type=1400 audit(1560812364.010:7): avc: denied { transfer } for pid=2067 comm="syz-executor702" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 55.336210] ------------[ cut here ]------------ [ 55.337303] kernel BUG at drivers/android/binder_alloc.c:1103! [ 55.338482] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 55.339597] Modules linked in: [ 55.340110] CPU: 0 PID: 2067 Comm: syz-executor702 Not tainted 4.9.182+ #1 [ 55.341247] task: 000000005d9643c3 task.stack: 00000000f9595fc2 [ 55.342569] RIP: 0010:[] [<0000000049efb36a>] binder_alloc_do_buffer_copy+0xcb/0x500 [ 55.351719] RSP: 0018:ffff8801c46274a8 EFLAGS: 00010293 [ 55.357208] RAX: ffff8801d06cc740 RBX: 0000000020001000 RCX: 00000000000000a8 [ 55.364574] RDX: 0000000000000000 RSI: ffffffff8222ac1b RDI: ffff8801d2ba30d8 [ 55.371877] RBP: ffff8801c4627528 R08: ffff8801c46275a8 R09: 0000000000000008 [ 55.379141] R10: ffffed00388c4f12 R11: ffff8801c4627897 R12: 0000000000000078 [ 55.386401] R13: 00000000000000a8 R14: 0000000000000008 R15: ffff8801c46275a8 [ 55.393748] FS: 000000000176f940(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000 [ 55.402171] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.408205] CR2: 0000000000000000 CR3: 00000001cf5dd000 CR4: 00000000001606b0 [ 55.415479] Stack: [ 55.417618] ffff8801c4627560 0000000000000246 ffff8801d06cc740 ffff8801c46274d0 [ 55.426102] ffff8801c4872018 ffff8801d2ba3158 00ff8801c4627870 ffff8801d2ba3100 [ 55.434179] ffffffff814fc356 ffff8801ce975400 00000000000000a8 ffff8801c46275a8 [ 55.442279] Call Trace: [ 55.444997] [<000000006c0ec5bc>] ? memcpy+0x46/0x50 [ 55.450095] [<00000000d71845a3>] binder_alloc_copy_from_buffer+0x37/0x42 [ 55.457201] [<000000002c4a4535>] binder_validate_ptr+0xc5/0x1b0 [ 55.463348] [<0000000023cf7bcd>] ? binder_get_object+0x1b0/0x1b0 [ 55.469587] [<00000000d71845a3>] ? binder_alloc_copy_from_buffer+0x37/0x42 [ 55.476773] [<00000000a03ba2c1>] ? binder_get_object+0x12f/0x1b0 [ 55.483052] [<00000000b68d26eb>] binder_transaction+0x2091/0x58c0 [ 55.489562] [<000000000962323e>] ? binder_inc_ref_for_node+0xba0/0xba0 [ 55.496308] [<000000009d21554c>] ? __save_stack_trace+0x7a/0xf0 [ 55.502543] [<0000000006dbc377>] ? depot_save_stack+0x13c/0x4a0 [ 55.508679] [<000000007f4721c6>] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 55.515422] [<00000000fe8bea86>] ? __might_fault+0x114/0x1d0 [ 55.521310] [<000000000e29497b>] binder_thread_write+0x593/0x2110 [ 55.527620] [<00000000cd34d06d>] ? trace_hardirqs_on+0x10/0x10 [ 55.533713] [<0000000099e456a4>] ? binder_transaction+0x58c0/0x58c0 [ 55.540197] [<00000000fe8bea86>] ? __might_fault+0x114/0x1d0 [ 55.546063] [<00000000ab82073d>] binder_ioctl+0xecd/0x1720 [ 55.551859] [<00000000024d217d>] ? validate_mm+0x2fe/0x5a0 [ 55.557557] [<0000000092146f30>] ? binder_poll+0x240/0x240 [ 55.563371] [<000000009f78a808>] ? __lock_acquire+0x5e5/0x4350 [ 55.569415] [<000000003964cc80>] ? SyS_mmap_pgoff+0x1b0/0x1b0 [ 55.575374] [<0000000002369d20>] ? uprobe_apply+0x150/0x150 [ 55.581201] [<00000000c27c9f15>] ? __might_sleep+0x95/0x1a0 [ 55.586992] [<0000000092146f30>] ? binder_poll+0x240/0x240 [ 55.592690] [<000000008d217b23>] do_vfs_ioctl+0xb87/0x11d0 [ 55.598450] [<00000000d05cb505>] ? selinux_file_ioctl+0x103/0x550 [ 55.604822] [<00000000fd729e23>] ? ioctl_preallocate+0x210/0x210 [ 55.611046] [<00000000cbec3aff>] ? selinux_parse_skb.constprop.0+0x16b0/0x16b0 [ 55.618477] [<0000000082bfe3e8>] ? __fget+0x208/0x370 [ 55.623866] [<00000000b3093f03>] ? __fget+0x22f/0x370 [ 55.629127] [<0000000067168e5d>] ? __fget+0x47/0x370 [ 55.634300] [<0000000008c0ef71>] ? security_file_ioctl+0x8f/0xc0 [ 55.640631] [<00000000f191ae7b>] SyS_ioctl+0x8f/0xc0 [ 55.645805] [<0000000074e2cbab>] ? do_vfs_ioctl+0x11d0/0x11d0 [ 55.652250] [<00000000c3350cee>] do_syscall_64+0x1ad/0x5c0 [ 55.657976] [<000000005d7e21b6>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 55.665049] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 0a 04 00 00 4d 8b 64 24 58 49 29 dc e8 bf 62 0f ff 4d 39 e6 76 07 e8 b5 62 0f ff <0f> 0b e8 ae 62 0f ff 4c 8b 6d d0 4d 29 f4 4d 39 e5 77 e8 e8 9d [ 55.692786] RIP [<0000000049efb36a>] binder_alloc_do_buffer_copy+0xcb/0x500 [ 55.700234] RSP [ 55.704249] ---[ end trace ba2222a97bcc592b ]--- [ 55.708994] Kernel panic - not syncing: Fatal exception [ 55.714656] Kernel Offset: disabled [ 55.718357] Rebooting in 86400 seconds..