[ 45.491291] audit: type=1800 audit(1552135173.384:29): pid=8088 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 45.537688] audit: type=1800 audit(1552135173.384:30): pid=8088 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.182' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
syzkaller login:
[ 53.692089] kauditd_printk_skb: 5 callbacks suppressed
[ 53.692114] audit: type=1400 audit(1552135181.584:36): avc: denied { map } for pid=8277 comm="syz-executor562" path="/root/syz-executor562977115" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.705651] binder: 8286:8286 transaction failed 29189/-22, size 0-8 line 2994
[ 53.728496] binder: 8284:8284 transaction failed 29189/-22, size 0-8 line 2994
executing program
executing program
executing program
executing program
[ 53.733256] binder: 8285:8285 transaction failed 29189/-22, size 0-8 line 2994
[ 53.743068] binder: 8288:8288 transaction failed 29189/-22, size 0-8 line 2994
[ 53.748792] binder: 8287:8287 transaction failed 29189/-22, size 0-8 line 2994
[ 53.755876] binder: 8289:8289 transaction failed 29189/-22, size 0-8 line 2994
[ 53.765313] binder: undelivered TRANSACTION_ERROR: 29189
[ 53.769117] binder: BINDER_SET_CONTEXT_MGR already set
[ 53.782550] binder: 8284:8284 ioctl 40046207 0 returned -16
[ 53.782553] binder: BINDER_SET_CONTEXT_MGR already set
[ 53.782574] binder: 8287:8287 ioctl 40046207 0 returned -16
[ 53.788443] audit: type=1400 audit(1552135181.654:37): avc: denied { map } for pid=8285 comm="syz-executor562" path="/dev/binder0" dev="devtmpfs" ino=17243 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[ 53.794688] binder: 8290:8290 transaction failed 29189/-22, size 0-8 line 2994
[ 53.802202] binder: BINDER_SET_CONTEXT_MGR already set
executing program
executing program
executing program
executing program
[ 53.838471] audit: type=1400 audit(1552135181.654:38): avc: denied { set_context_mgr } for pid=8285 comm="syz-executor562" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[ 53.842694] binder: 8288:8288 ioctl 40046207 0 returned -16
[ 53.863221] binder: BINDER_SET_CONTEXT_MGR already set
[ 53.875799] binder: BINDER_SET_CONTEXT_MGR already set
[ 53.881055] binder: 8286:8286 ioctl 40046207 0 returned -16
executing program
executing program
[ 53.882667] binder: 8290:8290 ioctl 40046207 0 returned -16
[ 53.888367] binder: undelivered TRANSACTION_ERROR: 29189
[ 53.900450] binder_alloc: 8289: binder_alloc_buf, no vma
[ 53.906562] audit: type=1400 audit(1552135181.784:39): avc: denied { call } for pid=8292 comm="syz-executor562" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[ 53.907407] binder_alloc: 8289: binder_alloc_buf, no vma
[ 53.929329] binder: undelivered TRANSACTION_ERROR: 29189
executing program
[ 53.934905] binder: 8292:8292 transaction failed 29189/-3, size 0-8 line 3147
[ 53.940426] binder: undelivered TRANSACTION_ERROR: 29189
[ 53.948423] binder: BINDER_SET_CONTEXT_MGR already set
[ 53.954302] binder_alloc: 8289: binder_alloc_buf, no vma
[ 53.958647] binder: 8292:8292 ioctl 40046207 0 returned -16
[ 53.964222] binder: undelivered TRANSACTION_ERROR: 29189
[ 53.973153] binder: 8295:8295 transaction failed 29189/-3, size 0-8 line 3147
[ 53.977698] binder_alloc: 8289: binder_alloc_buf, no vma
[ 53.983329] binder: BINDER_SET_CONTEXT_MGR already set
executing program
[ 53.988433] binder_alloc: 8289: binder_alloc_buf, no vma
[ 53.993649] binder: 8295:8295 ioctl 40046207 0 returned -16
[ 53.999468] binder: 8294:8294 transaction failed 29189/-3, size 0-8 line 3147
[ 54.012404] binder_alloc: 8289: binder_alloc_buf, no vma
[ 54.012852] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.021666] binder_alloc: 8289: binder_alloc_buf, no vma
[ 54.023539] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.029359] binder_alloc: 8289: binder_alloc_buf, no vma
executing program
[ 54.034222] binder: 8291:8291 ioctl 40046207 0 returned -16
[ 54.041091] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.047744] binder: 8296:8296 ioctl 40046207 0 returned -16
[ 54.051687] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.056626] binder: 8293:8293 ioctl 40046207 0 returned -16
[ 54.062094] binder: 8294:8294 ioctl 40046207 0 returned -16
[ 54.067784] binder: undelivered TRANSACTION_ERROR: 29189
[ 54.073528] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.084890] binder: BINDER_SET_CONTEXT_MGR already set
executing program
executing program
executing program
[ 54.091961] binder_alloc: 8289: binder_alloc_buf, no vma
[ 54.092288] binder: undelivered TRANSACTION_ERROR: 29189
[ 54.097703] binder: 8297:8297 ioctl 40046207 0 returned -16
[ 54.107721] binder: undelivered TRANSACTION_ERROR: 29189
[ 54.109882] binder: 8298:8298 ioctl 40046207 0 returned -16
[ 54.116464] binder: undelivered TRANSACTION_ERROR: 29189
[ 54.121167] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.125744] binder_alloc: 8289: binder_alloc_buf, no vma
[ 54.131980] binder: 8299:8299 ioctl 40046207 0 returned -16
executing program
executing program
executing program
executing program
executing program
executing program
[ 54.141849] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.147492] binder: 8301:8301 ioctl 40046207 0 returned -16
[ 54.148390] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.162097] binder: 8304:8304 ioctl 40046207 0 returned -16
[ 54.162666] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.175645] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.180968] binder: 8302:8302 ioctl 40046207 0 returned -16
[ 54.186960] binder: undelivered TRANSACTION_ERROR: 29189
executing program
executing program
executing program
[ 54.188358] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.198146] binder: 8308:8308 ioctl 40046207 0 returned -16
[ 54.198761] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.210163] binder: 8300:8300 ioctl 40046207 0 returned -16
[ 54.212943] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.218573] binder: 8305:8305 ioctl 40046207 0 returned -16
[ 54.224880] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.232615] binder: 8306:8306 ioctl 40046207 0 returned -16
[ 54.237655] binder: BINDER_SET_CONTEXT_MGR already set
executing program
executing program
executing program
executing program
[ 54.245258] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.250706] binder: 8307:8307 ioctl 40046207 0 returned -16
[ 54.253655] binder: 8311:8311 ioctl 40046207 0 returned -16
[ 54.257405] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.266654] binder: 8303:8303 ioctl 40046207 0 returned -16
[ 54.269653] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.279530] binder: 8310:8310 ioctl 40046207 0 returned -16
[ 54.286223] binder: 8309:8309 ioctl 40046207 0 returned -16
executing program
executing program
executing program
executing program
executing program
[ 54.295667] binder_alloc: 8315: binder_alloc_buf failed to map pages in userspace, no vma
[ 54.305090] ------------[ cut here ]------------
[ 54.310312] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 54.312731] ------------[ cut here ]------------
[ 54.321038] kernel BUG at drivers/android/binder_alloc.c:1141!
[ 54.328031] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.332261] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 54.334829] binder: 8314:8314 ioctl 40046207 0 returned -16
[ 54.338699] CPU: 0 PID: 8317 Comm: syz-executor562 Not tainted 5.0.0+ #13
[ 54.338707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.338731] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 54.366478] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 1f 18 28 fc 4c 89 e6 4c 89 ef e8 34 19 28 fc 4d 39 e5 76 07 e8 0a 18 28 fc <0f> 0b e8 03 18 28 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 11
[ 54.385383] RSP: 0018:ffff8880a61a7550 EFLAGS: 00010293
[ 54.390744] RAX: ffff8880a49982c0 RBX: 0000000020004000 RCX: ffffffff85483dec
[ 54.398021] RDX: 0000000000000000 RSI: ffffffff85483df6 RDI: 0000000000000006
[ 54.405287] RBP: ffff8880a61a75d0 R08: ffff8880a49982c0 R09: 0000000000000028
[ 54.412550] R10: ffffed1014c34f01 R11: ffff8880a61a780f R12: 0000000000000008
[ 54.419824] R13: 0000000000000028 R14: ffff8880a02186d0 R15: 0000000000000000
[ 54.427116] FS: 0000000000fc0940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 54.435335] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.441219] CR2: 00000000006d0090 CR3: 000000007e720000 CR4: 00000000001406f0
[ 54.448487] Call Trace:
[ 54.451091] ? memcpy+0x46/0x50
[ 54.454381] binder_alloc_copy_from_buffer+0x37/0x42
[ 54.459495] binder_get_object+0xc3/0x200
[ 54.463647] binder_transaction+0x2b4a/0x6690
[ 54.468155] ? binder_thread_read+0x3d50/0x3d50
[ 54.472820] ? __lock_acquire+0x548/0x3fb0
[ 54.477059] ? __might_fault+0x12b/0x1e0
[ 54.481118] ? lock_downgrade+0x880/0x880
[ 54.485281] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 54.490826] ? _copy_from_user+0xdd/0x150
[ 54.494974] binder_thread_write+0x64a/0x2820
[ 54.499475] ? binder_transaction+0x6690/0x6690
[ 54.504150] ? __might_fault+0x12b/0x1e0
[ 54.508222] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 54.513775] ? _copy_from_user+0xdd/0x150
[ 54.517922] binder_ioctl+0x1033/0x183b
[ 54.521898] ? binder_thread_write+0x2820/0x2820
[ 54.526654] ? tomoyo_path_number_perm+0x263/0x520
[ 54.531610] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 54.536729] ? binder_thread_write+0x2820/0x2820
[ 54.541489] do_vfs_ioctl+0xd6e/0x1390
[ 54.545383] ? ioctl_preallocate+0x210/0x210
[ 54.549792] ? selinux_file_mprotect+0x620/0x620
[ 54.554546] ? __do_page_fault+0x623/0xda0
[ 54.558805] ? lock_downgrade+0x880/0x880
[ 54.562962] ? tomoyo_file_ioctl+0x23/0x30
[ 54.567193] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.572744] ? security_file_ioctl+0x93/0xc0
[ 54.577166] ksys_ioctl+0xab/0xd0
[ 54.580629] __x64_sys_ioctl+0x73/0xb0
[ 54.584519] do_syscall_64+0x103/0x610
[ 54.588412] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.593621] RIP: 0033:0x445689
[ 54.596825] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b cd fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.615730] RSP: 002b:00007ffe7a676878 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 54.623437] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000445689
[ 54.630702] RDX: 00000000200003c0 RSI: 00000000c0306201 RDI: 0000000000000003
[ 54.637968] RBP: 000000000000d384 R08: 0000000000000004 R09: 00000000004028b0
executing program
executing program
executing program
[ 54.645236] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000402820
[ 54.652502] R13: 00000000004028b0 R14: 0000000000000000 R15: 0000000000000000
[ 54.659768] Modules linked in:
[ 54.662989] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[ 54.668371] CPU: 1 PID: 8318 Comm: syz-executor562 Tainted: G D 5.0.0+ #13
[ 54.671616] ---[ end trace 786afff7c3cfb20e ]---
[ 54.676679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.676702] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
executing program
[ 54.676715] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 1f 18 28 fc 4c 89 e6 4c 89 ef e8 34 19 28 fc 4d 39 e5 76 07 e8 0a 18 28 fc <0f> 0b e8 03 18 28 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 11
[ 54.676726] RSP: 0018:ffff88807e48f550 EFLAGS: 00010293
[ 54.683913] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 54.690820] RAX: ffff8880a49da300 RBX: 0000000020004008 RCX: ffffffff85483dec
[ 54.690827] RDX: 0000000000000000 RSI: ffffffff85483df6 RDI: 0000000000000006
[ 54.690835] RBP: ffff88807e48f5d0 R08: ffff8880a49da300 R09: 0000000000000028
executing program
executing program
[ 54.690843] R10: ffffed100fc91f01 R11: ffff88807e48f80f R12: 0000000000000008
[ 54.690850] R13: 0000000000000028 R14: ffff8880a02186d0 R15: 0000000000000000
[ 54.690861] FS: 0000000000fc0940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 54.690869] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.690877] CR2: 00000000006d0090 CR3: 000000008e3c8000 CR4: 00000000001406e0
[ 54.690884] Call Trace:
[ 54.690905] ? memcpy+0x46/0x50
executing program
[ 54.699004] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 1f 18 28 fc 4c 89 e6 4c 89 ef e8 34 19 28 fc 4d 39 e5 76 07 e8 0a 18 28 fc <0f> 0b e8 03 18 28 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 11
[ 54.715611] binder_alloc_copy_from_buffer+0x37/0x42
[ 54.715627] binder_get_object+0xc3/0x200
[ 54.715643] binder_transaction+0x2b4a/0x6690
[ 54.715671] ? binder_thread_read+0x3d50/0x3d50
[ 54.725289] RSP: 0018:ffff8880a61a7550 EFLAGS: 00010293
[ 54.726820] ? __lock_acquire+0x548/0x3fb0
[ 54.726842] ? __might_fault+0x12b/0x1e0
[ 54.726864] ? lock_downgrade+0x880/0x880
executing program
executing program
executing program
executing program
executing program
executing program
[ 54.735064] RAX: ffff8880a49982c0 RBX: 0000000020004000 RCX: ffffffff85483dec
[ 54.741418] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 54.741432] ? _copy_from_user+0xdd/0x150
[ 54.741449] binder_thread_write+0x64a/0x2820
[ 54.741468] ? binder_transaction+0x6690/0x6690
[ 54.749276] RDX: 0000000000000000 RSI: ffffffff85483df6 RDI: 0000000000000006
[ 54.756005] ? __might_fault+0x12b/0x1e0
[ 54.756031] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 54.756043] ? _copy_from_user+0xdd/0x150
[ 54.756059] binder_ioctl+0x1033/0x183b
[ 54.768044] RBP: ffff8880a61a75d0 R08: ffff8880a49982c0 R09: 0000000000000028
[ 54.771549] ? binder_thread_write+0x2820/0x2820
[ 54.771564] ? tomoyo_path_number_perm+0x263/0x520
[ 54.771588] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 54.771612] ? binder_thread_write+0x2820/0x2820
[ 54.771628] do_vfs_ioctl+0xd6e/0x1390
[ 54.777978] R10: ffffed1014c34f01 R11: ffff8880a61a780f R12: 0000000000000008
[ 54.784780] ? ioctl_preallocate+0x210/0x210
[ 54.784796] ? selinux_file_mprotect+0x620/0x620
[ 54.784810] ? __do_page_fault+0x623/0xda0
[ 54.784827] ? lock_downgrade+0x880/0x880
[ 54.784844] ? tomoyo_file_ioctl+0x23/0x30
[ 54.784863] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.791619] R13: 0000000000000028 R14: ffff8880a02186d0 R15: 0000000000000000
[ 54.809608] ? security_file_ioctl+0x93/0xc0
[ 54.809625] ksys_ioctl+0xab/0xd0
[ 54.809640] __x64_sys_ioctl+0x73/0xb0
[ 54.809655] do_syscall_64+0x103/0x610
[ 54.809673] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.819093] FS: 0000000000fc0940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 54.823384] RIP: 0033:0x445689
[ 54.823398] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b cd fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.823406] RSP: 002b:00007ffe7a676878 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 54.823417] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000445689
[ 54.823424] RDX: 00000000200003c0 RSI: 00000000c0306201 RDI: 0000000000000003
[ 54.823435] RBP: 000000000000d3f6 R08: 0000000000000004 R09: 00000000004028b0
[ 54.828260] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.833455] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000402820
[ 54.833462] R13: 00000000004028b0 R14: 0000000000000000 R15: 0000000000000000
[ 54.833475] Modules linked in:
[ 54.848183] ---[ end trace 786afff7c3cfb20f ]---
[ 54.859263] CR2: 00000000004c3e08 CR3: 000000007e720000 CR4: 00000000001406f0
[ 54.867439] binder: BINDER_SET_CONTEXT_MGR already set
[ 54.869460] Kernel panic - not syncing: Fatal exception
[ 54.877377] binder: 8331:8331 ioctl 40046207 0 returned -16
[ 54.880562] Kernel Offset: disabled
[ 55.106490] Rebooting in 86400 seconds..