[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 10.701887] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 26.112850] random: crng init done
Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts.
executing program
[ 44.146425] audit: type=1400 audit(1560810620.883:5): avc: denied { set_context_mgr } for pid=2057 comm="syz-executor799" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[ 44.170505] audit: type=1400 audit(1560810620.903:6): avc: denied { call } for pid=2057 comm="syz-executor799" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[ 44.193415] audit: type=1400 audit(1560810620.923:7): avc: denied { transfer } for pid=2057 comm="syz-executor799" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[ 44.216181] ------------[ cut here ]------------
[ 44.220923] kernel BUG at drivers/android/binder_alloc.c:1103!
[ 44.226872] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 44.232206] Modules linked in:
[ 44.235497] CPU: 1 PID: 2057 Comm: syz-executor799 Not tainted 4.9.182+ #1
[ 44.242491] task: 00000000635b5f33 task.stack: 000000000884983f
[ 44.248526] RIP: 0010:[] [<0000000078b46819>] binder_alloc_do_buffer_copy+0xcb/0x500
[ 44.258173] RSP: 0018:ffff8801c56574a8 EFLAGS: 00010293
[ 44.263604] RAX: ffff8801cf218000 RBX: 0000000020001000 RCX: 0000000000000070
[ 44.270855] RDX: 0000000000000000 RSI: ffffffff8222ac1b RDI: ffff8801d3cc26d8
[ 44.278228] RBP: ffff8801c5657528 R08: ffff8801c56575a8 R09: 0000000000000008
[ 44.285479] R10: ffffed0038acaf12 R11: ffff8801c5657897 R12: 0000000000000058
[ 44.292731] R13: 0000000000000070 R14: 0000000000000008 R15: ffff8801c56575a8
[ 44.299978] FS: 00000000011db940(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
[ 44.308187] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 44.314045] CR2: 0000000000000000 CR3: 00000001d1865000 CR4: 00000000001606b0
[ 44.321294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 44.328646] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 44.335895] Stack:
[ 44.338019] ffff8801c5657560 0000000000000246 ffff8801cf218000 ffff8801c56574d0
[ 44.346028] ffff8801cf2de018 ffff8801d3ceae58 00ff8801c5657870 ffff8801d3ceae00
[ 44.354125] ffffffff814fc356 ffff8801cf34e600 0000000000000070 ffff8801c56575a8
[ 44.362272] Call Trace:
[ 44.364964] [<000000008d3dc863>] ? memcpy+0x46/0x50
[ 44.370198] [<000000000ac67796>] binder_alloc_copy_from_buffer+0x37/0x42
[ 44.377155] [<0000000030436912>] binder_validate_ptr+0xc5/0x1b0
[ 44.391244] [<0000000065ff0313>] ? binder_get_object+0x1b0/0x1b0
[ 44.397538] [<000000000ac67796>] ? binder_alloc_copy_from_buffer+0x37/0x42
[ 44.404790] [<00000000b54a67f3>] ? binder_get_object+0x12f/0x1b0
[ 44.414900] [<00000000293ee1b5>] binder_transaction+0x2091/0x58c0
[ 44.421206] [<00000000558b1b36>] ? binder_inc_ref_for_node+0xba0/0xba0
[ 44.427943] [<000000000a8ecc3f>] ? __save_stack_trace+0x7a/0xf0
[ 44.434090] [<00000000fb4d8502>] ? depot_save_stack+0x13c/0x4a0
[ 44.440220] [<00000000d491af0c>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 44.446956] [<00000000a887d605>] ? __might_fault+0x114/0x1d0
[ 44.452825] [<0000000033d0d746>] binder_thread_write+0x593/0x2110
[ 44.459121] [<0000000091f77f50>] ? trace_hardirqs_on+0x10/0x10
[ 44.465154] [<00000000e3f39093>] ? binder_transaction+0x58c0/0x58c0
[ 44.471629] [<00000000a887d605>] ? __might_fault+0x114/0x1d0
[ 44.477494] [<00000000a64ffd99>] binder_ioctl+0xecd/0x1720
[ 44.483198] [<00000000a7f1d551>] ? validate_mm+0x2fe/0x5a0
[ 44.488891] [<0000000007ff8407>] ? binder_poll+0x240/0x240
[ 44.494581] [<00000000e115327c>] ? __lock_acquire+0x5e5/0x4350
[ 44.500738] [<000000004d40f273>] ? SyS_mmap_pgoff+0x1b0/0x1b0
[ 44.506781] [<000000006120966b>] ? uprobe_apply+0x150/0x150
[ 44.512659] [<000000004d44a286>] ? __might_sleep+0x95/0x1a0
[ 44.518440] [<0000000007ff8407>] ? binder_poll+0x240/0x240
[ 44.524132] [<0000000004ab4dc8>] do_vfs_ioctl+0xb87/0x11d0
[ 44.529822] [<000000006b554af5>] ? selinux_file_ioctl+0x103/0x550
[ 44.536116] [<00000000ff1a7e36>] ? ioctl_preallocate+0x210/0x210
[ 44.542429] [<000000002c805484>] ? selinux_parse_skb.constprop.0+0x16b0/0x16b0
[ 44.549854] [<000000003570178c>] ? __fget+0x208/0x370
[ 44.555151] [<000000006e9040bf>] ? __fget+0x22f/0x370
[ 44.560409] [<000000001fb0edec>] ? __fget+0x47/0x370
[ 44.565577] [<00000000cd35c6fc>] ? security_file_ioctl+0x8f/0xc0
[ 44.571784] [<00000000dddddfcd>] SyS_ioctl+0x8f/0xc0
[ 44.576952] [<000000003eeab4fe>] ? do_vfs_ioctl+0x11d0/0x11d0
[ 44.582897] [<0000000051f1482b>] do_syscall_64+0x1ad/0x5c0
[ 44.588804] [<0000000077d534bf>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 44.595780] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 0a 04 00 00 4d 8b 64 24 58 49 29 dc e8 bf 62 0f ff 4d 39 e6 76 07 e8 b5 62 0f ff <0f> 0b e8 ae 62 0f ff 4c 8b 6d d0 4d 29 f4 4d 39 e5 77 e8 e8 9d
[ 44.622991] RIP [<0000000078b46819>] binder_alloc_do_buffer_copy+0xcb/0x500
[ 44.630286] RSP
[ 44.634125] ---[ end trace 52373df61d5adad3 ]---
[ 44.639082] Kernel panic - not syncing: Fatal exception
[ 44.644803] Kernel Offset: disabled
[ 44.648415] Rebooting in 86400 seconds..