[ ok ] Starting enhanced syslogd: rsyslogd. [ 61.645021][ T26] audit: type=1800 audit(1561541235.266:25): pid=9015 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 61.692317][ T26] audit: type=1800 audit(1561541235.266:26): pid=9015 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 61.723461][ T26] audit: type=1800 audit(1561541235.276:27): pid=9015 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.111' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 69.942473][ T9169] ------------[ cut here ]------------ [ 69.948083][ T9169] kernel BUG at drivers/android/binder_alloc.c:1130! 
[ 69.955195][ T9169] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 69.961288][ T9169] CPU: 0 PID: 9169 Comm: syz-executor842 Not tainted 5.2.0-rc6-next-20190625 #22 [ 69.970499][ T9169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 69.981077][ T9169] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 69.987572][ T9169] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 cf d1 10 fc 4c 89 e6 4c 89 ef e8 e4 d2 10 fc 4d 39 e5 76 07 e8 ba d1 10 fc <0f> 0b e8 b3 d1 10 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 c1 [ 70.007163][ T9169] RSP: 0018:ffff88808de974e0 EFLAGS: 00010293 [ 70.013232][ T9169] RAX: ffff888093844000 RBX: 0000000020001000 RCX: ffffffff85617b1f [ 70.021189][ T9169] RDX: 0000000000000000 RSI: ffffffff85617b06 RDI: 0000000000000006 [ 70.029144][ T9169] RBP: ffff88808de97560 R08: ffff888093844000 R09: 0000000000000008 [ 70.037109][ T9169] R10: ffffed1011bd2f15 R11: ffff88808de978af R12: 0000000000000078 [ 70.045201][ T9169] R13: 0000000000000008 R14: 00000000000000e8 R15: 0000000000000000 [ 70.053709][ T9169] FS: 0000555555d28940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 70.062658][ T9169] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.069286][ T9169] CR2: 0000000000000000 CR3: 000000009531a000 CR4: 00000000001506f0 [ 70.077740][ T9169] Call Trace: [ 70.081061][ T9169] ? _binder_node_inner_unlock+0x80/0xd0 [ 70.086690][ T9169] binder_alloc_copy_from_buffer+0x37/0x42 [ 70.093220][ T9169] binder_validate_ptr+0xcc/0x1d0 [ 70.098278][ T9169] ? binder_get_object+0x210/0x210 [ 70.103493][ T9169] ? binder_alloc_copy_from_buffer+0x37/0x42 [ 70.109485][ T9169] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 70.115379][ T9169] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 70.121096][ T9169] ? binder_get_object+0x181/0x210 [ 70.126207][ T9169] binder_transaction+0x2d32/0x65f0 [ 70.131415][ T9169] ? binder_deferred_func+0xea0/0xea0 [ 70.140082][ T9169] ? kasan_check_read+0x11/0x20 [ 70.145039][ T9169] ? 
__lock_acquire+0x16f0/0x4680 [ 70.150105][ T9169] ? __might_fault+0x12b/0x1e0 [ 70.155011][ T9169] ? find_held_lock+0x35/0x130 [ 70.159776][ T9169] ? __might_fault+0x12b/0x1e0 [ 70.164677][ T9169] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 70.171238][ T9169] ? _copy_from_user+0x12c/0x1a0 [ 70.176180][ T9169] binder_thread_write+0x663/0x2850 [ 70.181538][ T9169] ? _binder_inner_proc_unlock+0x42/0x80 [ 70.187180][ T9169] ? binder_transaction+0x65f0/0x65f0 [ 70.192561][ T9169] ? lock_downgrade+0x920/0x920 [ 70.197478][ T9169] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 70.205711][ T9169] ? _copy_from_user+0x12c/0x1a0 [ 70.210809][ T9169] binder_ioctl+0x1093/0x18fb [ 70.216473][ T9169] ? binder_thread_read+0x3db0/0x3db0 [ 70.221954][ T9169] ? tomoyo_path_number_perm+0x263/0x520 [ 70.227640][ T9169] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 70.233447][ T9169] ? userfaultfd_unmap_prep+0x4a0/0x4a0 [ 70.239033][ T9169] ? lock_downgrade+0x920/0x920 [ 70.243973][ T9169] ? binder_thread_read+0x3db0/0x3db0 [ 70.249594][ T9169] do_vfs_ioctl+0xdb6/0x13e0 [ 70.254247][ T9169] ? ioctl_preallocate+0x210/0x210 [ 70.260833][ T9169] ? vma_is_stack_for_current+0xd0/0xd0 [ 70.266496][ T9169] ? ksys_dup3+0x3e0/0x3e0 [ 70.271029][ T9169] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 70.277622][ T9169] ? fput_many+0x12c/0x1a0 [ 70.282342][ T9169] ? fput+0x1b/0x20 [ 70.286159][ T9169] ? tomoyo_file_ioctl+0x23/0x30 [ 70.291347][ T9169] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 70.297877][ T9169] ? 
security_file_ioctl+0x8d/0xc0 [ 70.303090][ T9169] ksys_ioctl+0xab/0xd0 [ 70.307247][ T9169] __x64_sys_ioctl+0x73/0xb0 [ 70.312105][ T9169] do_syscall_64+0xfd/0x6a0 [ 70.317049][ T9169] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.323455][ T9169] RIP: 0033:0x444a29 [ 70.327632][ T9169] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 70.348705][ T9169] RSP: 002b:00007ffe587dd068 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.357473][ T9169] RAX: ffffffffffffffda RBX: 00007ffe587dd070 RCX: 0000000000444a29 [ 70.365885][ T9169] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003 [ 70.374319][ T9169] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000401310 [ 70.383108][ T9169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402730 [ 70.391370][ T9169] R13: 00000000004027c0 R14: 0000000000000000 R15: 0000000000000000 [ 70.399585][ T9169] Modules linked in: [ 70.404673][ T9169] ---[ end trace 14df6883daf88513 ]--- [ 70.410423][ T9169] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 70.417957][ T9169] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 cf d1 10 fc 4c 89 e6 4c 89 ef e8 e4 d2 10 fc 4d 39 e5 76 07 e8 ba d1 10 fc <0f> 0b e8 b3 d1 10 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 c1 [ 70.439069][ T9169] RSP: 0018:ffff88808de974e0 EFLAGS: 00010293 [ 70.445537][ T9169] RAX: ffff888093844000 RBX: 0000000020001000 RCX: ffffffff85617b1f [ 70.454328][ T9169] RDX: 0000000000000000 RSI: ffffffff85617b06 RDI: 0000000000000006 [ 70.463100][ T9169] RBP: ffff88808de97560 R08: ffff888093844000 R09: 0000000000000008 [ 70.471379][ T9169] R10: ffffed1011bd2f15 R11: ffff88808de978af R12: 0000000000000078 [ 70.480032][ T9169] R13: 0000000000000008 R14: 00000000000000e8 R15: 0000000000000000 [ 70.488294][ T9169] FS: 0000555555d28940(0000) GS:ffff8880ae900000(0000) 
knlGS:0000000000000000 [ 70.497933][ T9169] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.504938][ T9169] CR2: 000055fefa4df100 CR3: 000000009531a000 CR4: 00000000001506e0 [ 70.513247][ T9169] Kernel panic - not syncing: Fatal exception [ 70.521017][ T9169] Kernel Offset: disabled [ 70.525727][ T9169] Rebooting in 86400 seconds..