[ 68.505327][ T26] audit: type=1800 audit(1561542643.125:25): pid=9152 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 69.499663][ T26] kauditd_printk_skb: 3 callbacks suppressed
[ 69.499676][ T26] audit: type=1800 audit(1561542644.115:29): pid=9152 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 69.527113][ T26] audit: type=1800 audit(1561542644.125:30): pid=9152 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 77.301744][ T9308] ------------[ cut here ]------------
[ 77.307285][ T9308] kernel BUG at drivers/android/binder_alloc.c:1130!
[ 77.314143][ T9308] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 77.320339][ T9308] CPU: 0 PID: 9308 Comm: syz-executor928 Not tainted 5.2.0-rc6-next-20190625 #22
[ 77.329439][ T9308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.339537][ T9308] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 77.346040][ T9308] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 cf d1 10 fc 4c 89 e6 4c 89 ef e8 e4 d2 10 fc 4d 39 e5 76 07 e8 ba d1 10 fc <0f> 0b e8 b3 d1 10 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 c1
[ 77.365646][ T9308] RSP: 0018:ffff88808a4bf4e0 EFLAGS: 00010293
[ 77.371688][ T9308] RAX: ffff8880a14242c0 RBX: 0000000020001000 RCX: ffffffff85617b1f
[ 77.379635][ T9308] RDX: 0000000000000000 RSI: ffffffff85617b06 RDI: 0000000000000006
[ 77.387602][ T9308] RBP: ffff88808a4bf560 R08: ffff8880a14242c0 R09: 0000000000000008
[ 77.395570][ T9308] R10: ffffed1011497f15 R11: ffff88808a4bf8af R12: 0000000000000058
[ 77.403523][ T9308] R13: 0000000000000008 R14: 0000000000000070 R15: 0000000000000000
[ 77.411478][ T9308] FS: 00005555566eb940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 77.420380][ T9308] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 77.426939][ T9308] CR2: 0000000000000000 CR3: 000000009b51c000 CR4: 00000000001506f0
[ 77.434915][ T9308] Call Trace:
[ 77.438196][ T9308] ? _binder_node_inner_unlock+0x80/0xd0
[ 77.443810][ T9308] binder_alloc_copy_from_buffer+0x37/0x42
[ 77.449602][ T9308] binder_validate_ptr+0xcc/0x1d0
[ 77.454608][ T9308] ? binder_get_object+0x210/0x210
[ 77.459697][ T9308] ? binder_alloc_copy_from_buffer+0x37/0x42
[ 77.465664][ T9308] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 77.471558][ T9308] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 77.477259][ T9308] ? binder_get_object+0x181/0x210
[ 77.482349][ T9308] binder_transaction+0x2d32/0x65f0
[ 77.487533][ T9308] ? binder_deferred_func+0xea0/0xea0
[ 77.492885][ T9308] ? kasan_check_read+0x11/0x20
[ 77.497739][ T9308] ? __lock_acquire+0x16f0/0x4680
[ 77.502745][ T9308] ? __might_fault+0x12b/0x1e0
[ 77.507494][ T9308] ? find_held_lock+0x35/0x130
[ 77.512239][ T9308] ? __might_fault+0x12b/0x1e0
[ 77.521792][ T9308] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 77.528039][ T9308] ? _copy_from_user+0x12c/0x1a0
[ 77.532964][ T9308] binder_thread_write+0x663/0x2850
[ 77.538148][ T9308] ? _binder_inner_proc_unlock+0x42/0x80
[ 77.543764][ T9308] ? binder_transaction+0x65f0/0x65f0
[ 77.549133][ T9308] ? lock_downgrade+0x920/0x920
[ 77.553992][ T9308] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 77.560216][ T9308] ? _copy_from_user+0x12c/0x1a0
[ 77.565341][ T9308] binder_ioctl+0x1093/0x18fb
[ 77.570027][ T9308] ? binder_thread_read+0x3db0/0x3db0
[ 77.575382][ T9308] ? tomoyo_path_number_perm+0x263/0x520
[ 77.581013][ T9308] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 77.586803][ T9308] ? userfaultfd_unmap_prep+0x4a0/0x4a0
[ 77.592328][ T9308] ? lock_downgrade+0x920/0x920
[ 77.597168][ T9308] ? binder_thread_read+0x3db0/0x3db0
[ 77.602533][ T9308] do_vfs_ioctl+0xdb6/0x13e0
[ 77.607123][ T9308] ? ioctl_preallocate+0x210/0x210
[ 77.612217][ T9308] ? vma_is_stack_for_current+0xd0/0xd0
[ 77.617739][ T9308] ? ksys_dup3+0x3e0/0x3e0
[ 77.622141][ T9308] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 77.628359][ T9308] ? fput_many+0x12c/0x1a0
[ 77.632773][ T9308] ? fput+0x1b/0x20
[ 77.636567][ T9308] ? tomoyo_file_ioctl+0x23/0x30
[ 77.641485][ T9308] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 77.647700][ T9308] ? security_file_ioctl+0x8d/0xc0
[ 77.652790][ T9308] ksys_ioctl+0xab/0xd0
[ 77.657198][ T9308] __x64_sys_ioctl+0x73/0xb0
[ 77.661797][ T9308] do_syscall_64+0xfd/0x6a0
[ 77.666293][ T9308] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.672164][ T9308] RIP: 0033:0x444a39
[ 77.676039][ T9308] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 77.695645][ T9308] RSP: 002b:00007ffdeed024d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 77.704060][ T9308] RAX: ffffffffffffffda RBX: 00007ffdeed024e0 RCX: 0000000000444a39
[ 77.712053][ T9308] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003
[ 77.720007][ T9308] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000401320
[ 77.727958][ T9308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402740
[ 77.735907][ T9308] R13: 00000000004027d0 R14: 0000000000000000 R15: 0000000000000000
[ 77.743859][ T9308] Modules linked in:
[ 77.748813][ T9308] ---[ end trace eaa9df7e0ca0e02f ]---
[ 77.754329][ T9308] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 77.760848][ T9308] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 cf d1 10 fc 4c 89 e6 4c 89 ef e8 e4 d2 10 fc 4d 39 e5 76 07 e8 ba d1 10 fc <0f> 0b e8 b3 d1 10 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 c1
[ 77.780878][ T9308] RSP: 0018:ffff88808a4bf4e0 EFLAGS: 00010293
[ 77.786995][ T9308] RAX: ffff8880a14242c0 RBX: 0000000020001000 RCX: ffffffff85617b1f
[ 77.794992][ T9308] RDX: 0000000000000000 RSI: ffffffff85617b06 RDI: 0000000000000006
[ 77.802949][ T9308] RBP: ffff88808a4bf560 R08: ffff8880a14242c0 R09: 0000000000000008
[ 77.810963][ T9308] R10: ffffed1011497f15 R11: ffff88808a4bf8af R12: 0000000000000058
[ 77.818975][ T9308] R13: 0000000000000008 R14: 0000000000000070 R15: 0000000000000000
[ 77.826984][ T9308] FS: 00005555566eb940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 77.835942][ T9308] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 77.842503][ T9308] CR2: 0000000000000000 CR3: 000000009b51c000 CR4: 00000000001506f0
[ 77.850497][ T9308] Kernel panic - not syncing: Fatal exception
[ 77.857534][ T9308] Kernel Offset: disabled
[ 77.861855][ T9308] Rebooting in 86400 seconds..