[....] Starting enhanced syslogd: rsyslogd[ 13.418296] audit: type=1400 audit(1513115748.522:5): avc: denied { syslog } for pid=3001 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 34.562542] audit: type=1400 audit(1513115769.667:6): avc: denied { map } for pid=3146 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-4,10.128.15.197' (ECDSA) to the list of known hosts. [ 129.071212] audit: type=1400 audit(1513115864.176:7): avc: denied { map } for pid=3158 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2017/12/12 21:57:44 parsed 1 programs 2017/12/12 21:57:44 executed programs: 0 [ 129.547964] audit: type=1400 audit(1513115864.652:8): avc: denied { map } for pid=3158 comm="syz-execprog" path="/root/syzkaller-shm224278400" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 129.623648] audit: type=1400 audit(1513115864.728:9): avc: denied { map } for pid=3173 comm="syz-executor4" path="/dev/binder4" dev="devtmpfs" ino=8912 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 [ 129.649058] audit: type=1400 audit(1513115864.728:10): avc: denied { set_context_mgr } for pid=3178 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 129.655996] binder: send failed reply for transaction 2 to 3178:3183 [ 129.683772] binder: send failed reply for transaction 4 to 3173:3181 [ 129.690265] binder: BINDER_SET_CONTEXT_MGR already set [ 129.690274] binder: 3194:3196 ioctl 40046207 0 returned -16 [ 129.690475] binder_alloc: 3178: binder_alloc_buf, no vma [ 129.690502] binder: 3194:3196 transaction failed 29189/-3, size 0-0 line 2947 [ 129.691904] binder: send failed reply for transaction 9 to 3189:3192 [ 129.692000] binder: send failed reply for transaction 7 to 3186:3191 [ 129.693571] binder: undelivered TRANSACTION_COMPLETE [ 129.693581] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.694062] binder: send failed reply for transaction 11 to 3187:3190 [ 129.697465] binder: undelivered TRANSACTION_COMPLETE [ 129.697472] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.705030] binder: undelivered TRANSACTION_COMPLETE [ 129.705038] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.705099] binder: undelivered TRANSACTION_COMPLETE [ 129.705104] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.705156] binder: undelivered TRANSACTION_COMPLETE [ 129.705161] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.705214] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.707332] binder: send failed reply for transaction 19 to 3199:3200 [ 129.716398] binder: undelivered TRANSACTION_COMPLETE [ 129.716406] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.718697] binder: send failed reply for transaction 26 to 3203:3211 [ 129.719866] binder: send failed reply for transaction 28 to 3202:3209 [ 129.721978] binder: send failed reply for transaction 21 to 3204:3207 [ 129.727118] binder: send failed reply for transaction 33 to 3216:3218 [ 129.729759] binder: undelivered TRANSACTION_COMPLETE [ 129.729766] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.731354] binder: undelivered TRANSACTION_COMPLETE [ 129.731361] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.731440] binder: send failed reply for transaction 23 to 3201:3208 [ 129.731594] binder: send failed reply for transaction 30 to 3205:3210 [ 129.733329] binder: send failed reply for transaction 36 to 3219:3221 [ 129.734508] binder: undelivered TRANSACTION_COMPLETE [ 129.734514] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.738294] binder: undelivered TRANSACTION_COMPLETE [ 129.738305] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.738768] binder: undelivered TRANSACTION_COMPLETE [ 129.738775] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.740534] binder: undelivered TRANSACTION_COMPLETE [ 129.740541] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.745209] binder: send failed reply for transaction 45 to 3228:3229 [ 129.746749] binder: send failed reply for transaction 43 to 3222:3226 [ 129.751948] binder: send failed reply for transaction 47 to 3224:3225 [ 129.752818] binder: undelivered TRANSACTION_COMPLETE [ 129.752828] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.759451] binder: undelivered TRANSACTION_COMPLETE [ 129.759458] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.759513] binder: undelivered TRANSACTION_COMPLETE [ 129.759519] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.779701] binder: undelivered TRANSACTION_COMPLETE [ 129.779710] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.790637] binder: send failed reply for transaction 56 to 3236:3241 [ 129.798823] binder: send failed reply for transaction 53 to 3233:3240 [ 129.803140] binder: send failed reply for transaction 60 to 3232:3246 [ 129.808793] binder: BINDER_SET_CONTEXT_MGR already set [ 129.808800] binder: 3234:3249 ioctl 40046207 0 returned -16 [ 129.810860] binder: BINDER_SET_CONTEXT_MGR already set [ 129.810866] binder: 3238:3244 ioctl 40046207 0 returned -16 [ 129.811104] binder: 3238:3244 got new transaction with bad transaction stack, transaction 62 has target 3238:0 [ 129.811119] binder: 3238:3244 transaction failed 29201/-71, size 0-0 line 2859 [ 129.811642] binder: BINDER_SET_CONTEXT_MGR already set [ 129.811647] binder: 3239:3251 ioctl 40046207 0 returned -16 [ 129.811889] binder: send failed reply for transaction 62 to 3238:3244 [ 129.811967] binder: send failed reply for transaction 58 to 3239:3243 [ 129.812068] binder: send failed reply for transaction 54 to 3234:3237 [ 129.812182] binder: undelivered TRANSACTION_COMPLETE [ 129.812188] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.812897] binder: undelivered TRANSACTION_COMPLETE [ 129.812904] binder: undelivered TRANSACTION_ERROR: 29201 [ 129.812909] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.814718] binder: undelivered TRANSACTION_COMPLETE [ 129.814725] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.819054] binder: send failed reply for transaction 69 to 3235:3247 [ 129.822140] binder: undelivered TRANSACTION_COMPLETE [ 129.822147] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.822215] binder: undelivered TRANSACTION_COMPLETE [ 129.822220] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.822274] binder: undelivered TRANSACTION_COMPLETE [ 129.822279] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.822610] binder: send failed reply for transaction 65 to 3242:3245 [ 129.834459] binder: send failed reply for transaction 79 to 3263:3267 [ 129.834983] binder: BINDER_SET_CONTEXT_MGR already set [ 129.834990] binder: 3262:3268 ioctl 40046207 0 returned -16 [ 129.835068] binder: send failed reply for transaction 77 to 3262:3268 [ 129.835213] binder: 3262:3268 transaction failed 29189/-22, size 0-0 line 2832 [ 129.835620] binder: send failed reply for transaction 72 to 3255:3260 [ 129.835866] binder: send failed reply for transaction 81 to 3266:3270 [ 129.838172] binder: undelivered TRANSACTION_COMPLETE [ 129.838180] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.838240] binder: undelivered TRANSACTION_COMPLETE [ 129.838246] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.838249] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.839843] binder: send failed reply for transaction 75 to 3258:3261 [ 129.839930] binder: send failed reply for transaction 85 to 3259:3264 [ 129.846475] binder: undelivered TRANSACTION_COMPLETE [ 129.846483] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.848631] binder: send failed reply for transaction 92 to 3276:3278 [ 129.852689] binder: undelivered TRANSACTION_COMPLETE [ 129.852697] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.855142] binder: send failed reply for transaction 90 to 3274:3277 [ 129.855648] binder: undelivered TRANSACTION_COMPLETE [ 129.855656] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.855712] binder: undelivered TRANSACTION_COMPLETE [ 129.855717] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.865126] binder: undelivered TRANSACTION_COMPLETE [ 129.865134] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.865193] binder: undelivered TRANSACTION_COMPLETE [ 129.865198] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.865802] binder: send failed reply for transaction 96 to 3281:3285 [ 129.865935] binder: send failed reply for transaction 98 to 3284:3288 [ 129.869542] binder: send failed reply for transaction 104 to 3283:3287 [ 129.870117] binder: undelivered TRANSACTION_COMPLETE [ 129.870124] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.870184] binder: undelivered TRANSACTION_COMPLETE [ 129.870189] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.873766] binder: send failed reply for transaction 103 to 3282:3286 [ 129.876580] binder: undelivered TRANSACTION_COMPLETE [ 129.876587] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.876645] binder: undelivered TRANSACTION_COMPLETE [ 129.876650] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.879222] binder: send failed reply for transaction 110 to 3291:3295 [ 129.881476] binder: undelivered TRANSACTION_COMPLETE [ 129.881483] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.886350] binder: undelivered TRANSACTION_COMPLETE [ 129.886357] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.887398] binder: send failed reply for transaction 117 to 3300:3304 [ 129.888316] binder: send failed reply for transaction 119 to 3292:3296 [ 129.888813] binder: undelivered TRANSACTION_COMPLETE [ 129.888820] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.889200] binder: send failed reply for transaction 112 to 3301:3303 [ 129.890645] binder: send failed reply for transaction 114 to 3294:3299 [ 129.897371] binder: send failed reply for transaction 124 to 3306:3307 [ 129.902998] binder: send failed reply for transaction 121 to 3297:3309 [ 129.917132] binder: undelivered TRANSACTION_COMPLETE [ 129.917141] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.917211] binder: undelivered TRANSACTION_COMPLETE [ 129.917217] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.917277] binder: undelivered TRANSACTION_COMPLETE [ 129.917282] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.917345] binder: undelivered TRANSACTION_COMPLETE [ 129.917350] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.917402] binder: undelivered TRANSACTION_COMPLETE [ 129.917408] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.917934] binder: send failed reply for transaction 130 to 3312:3316 [ 129.921367] binder: undelivered TRANSACTION_COMPLETE [ 129.921375] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.925881] binder: send failed reply for transaction 133 to 3320:3322 [ 129.926330] binder: undelivered TRANSACTION_COMPLETE [ 129.926336] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.930003] binder: send failed reply for transaction 144 to 3318:3330 [ 129.934256] binder: send failed reply for transaction 143 to 3324:3327 [ 129.934311] binder: send failed reply for transaction 140 to 3323:3326 [ 129.934364] binder: send failed reply for transaction 138 to 3319:3329 [ 129.934473] binder: send failed reply for transaction 136 to 3313:3317 [ 129.943497] binder: undelivered TRANSACTION_COMPLETE [ 129.943504] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.950004] binder: send failed reply for transaction 153 to 3331:3338 [ 129.957349] binder: send failed reply for transaction 156 to 3331:3338 [ 129.957353] ------------[ cut here ]------------ [ 129.957357] Unexpected reply error: 29189 [ 129.957476] WARNING: CPU: 0 PID: 24 at drivers/android/binder.c:1985 binder_send_failed_reply+0x13b/0x390 [ 129.957481] Kernel panic - not syncing: panic_on_warn set ... [ 129.957481] [ 129.957489] CPU: 0 PID: 24 Comm: kworker/0:1 Not tainted 4.15.0-rc2-mm1+ #39 [ 129.957493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 129.957500] Workqueue: events binder_deferred_func [ 129.957507] Call Trace: [ 129.957518] dump_stack+0x194/0x257 [ 129.957528] ? arch_local_irq_restore+0x53/0x53 [ 129.957541] ? vsnprintf+0x1ed/0x1900 [ 129.957555] panic+0x1e4/0x41c [ 129.957561] ? refcount_error_report+0x214/0x214 [ 129.957569] ? show_regs_print_info+0x18/0x18 [ 129.957582] ? __warn+0x1c1/0x200 [ 129.957592] ? binder_send_failed_reply+0x13b/0x390 [ 129.957597] __warn+0x1dc/0x200 [ 129.957604] ? binder_send_failed_reply+0x13b/0x390 [ 129.957613] report_bug+0x211/0x2d0 [ 129.957628] fixup_bug.part.11+0x37/0x80 [ 129.957635] do_error_trap+0x2d7/0x3e0 [ 129.957641] ? __down_trylock_console_sem+0x10d/0x1e0 [ 129.957651] ? math_error+0x400/0x400 [ 129.957656] ? vprintk_emit+0x3ea/0x590 [ 129.957664] ? vprintk_emit+0x3ea/0x590 [ 129.957679] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 129.957692] do_invalid_op+0x1b/0x20 [ 129.957699] invalid_op+0x22/0x40 [ 129.957705] RIP: 0010:binder_send_failed_reply+0x13b/0x390 [ 129.957709] RSP: 0018:ffff8801d990f0c8 EFLAGS: 00010286 [ 129.957715] RAX: dffffc0000000008 RBX: ffff8801d1474b00 RCX: ffffffff815a03fe [ 129.957719] RDX: 0000000000000000 RSI: 1ffff1003b320d31 RDI: 0000000000000293 [ 129.957723] RBP: ffff8801d990f0f0 R08: 1ffff1003b321dac R09: 0000000000000000 [ 129.957727] R10: 000000000000000b R11: 0000000000000000 R12: ffff8801c3ae5cc0 [ 129.957730] R13: 0000000000007205 R14: 0000000000007205 R15: 0000000000000d03 [ 129.957744] ? vprintk_func+0x5e/0xc0 [ 129.957756] ? binder_send_failed_reply+0x13b/0x390 [ 129.957766] binder_cleanup_transaction+0xd2/0x140 [ 129.957775] binder_release_work+0x340/0x490 [ 129.957786] ? kzalloc.constprop.53+0x20/0x20 [ 129.957800] ? do_raw_spin_trylock+0x190/0x190 [ 129.957812] ? kfree+0xe4/0x250 [ 129.957818] ? binder_deferred_func+0xe8a/0x12f0 [ 129.957828] ? _raw_spin_unlock+0x22/0x30 [ 129.957838] binder_deferred_func+0xdf5/0x12f0 [ 129.957857] ? binder_cleanup_ref_olocked+0xab0/0xab0 [ 129.957866] ? unwind_next_frame.part.6+0x1a6/0xb40 [ 129.957871] ? unwind_dump+0x4d0/0x4d0 [ 129.957878] ? set_next_entity+0x2ed/0xd70 [ 129.957887] ? find_held_lock+0x39/0x1d0 [ 129.957897] ? check_noncircular+0x20/0x20 [ 129.957915] ? lock_acquire+0x1d5/0x580 [ 129.957922] ? process_one_work+0xb2f/0x1bc0 [ 129.957930] ? __save_stack_trace+0x6e/0xd0 [ 129.957946] ? __lock_is_held+0xbc/0x140 [ 129.957967] process_one_work+0xbfd/0x1bc0 [ 129.957986] ? pwq_dec_nr_in_flight+0x450/0x450 [ 129.957993] ? finish_task_switch+0x1f6/0x740 [ 129.958026] ? __sched_text_start+0x8/0x8 [ 129.958038] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 129.958048] ? check_noncircular+0x20/0x20 [ 129.958059] ? find_held_lock+0x39/0x1d0 [ 129.958078] ? lock_acquire+0x1d5/0x580 [ 129.958083] ? worker_thread+0x4a3/0x1990 [ 129.958096] ? lock_release+0xda0/0xda0 [ 129.958104] ? retint_kernel+0x10/0x10 [ 129.958112] ? do_raw_spin_trylock+0x190/0x190 [ 129.958131] worker_thread+0x223/0x1990 [ 129.958156] ? process_one_work+0x1bc0/0x1bc0 [ 129.958166] ? _raw_spin_unlock_irq+0x27/0x70 [ 129.958174] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 129.958181] ? trace_hardirqs_on+0xd/0x10 [ 129.958188] ? mmdrop+0x18/0x30 [ 129.958195] ? finish_task_switch+0x1f6/0x740 [ 129.958206] ? copy_overflow+0x20/0x20 [ 129.958222] ? __schedule+0x8f3/0x2060 [ 129.958227] ? check_noncircular+0x20/0x20 [ 129.958247] ? find_held_lock+0x39/0x1d0 [ 129.958260] ? find_held_lock+0x39/0x1d0 [ 129.958276] ? lock_downgrade+0x980/0x980 [ 129.958283] ? default_wake_function+0x30/0x50 [ 129.958297] ? __schedule+0x2060/0x2060 [ 129.958303] ? do_wait_intr_irq+0x3e0/0x3e0 [ 129.958312] ? do_raw_spin_trylock+0x190/0x190 [ 129.958320] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 129.958329] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 129.958336] ? trace_hardirqs_on+0xd/0x10 [ 129.958342] ? __kthread_parkme+0x175/0x240 [ 129.958352] kthread+0x37a/0x440 [ 129.958358] ? process_one_work+0x1bc0/0x1bc0 [ 129.958362] ? kthread_stop+0x7b0/0x7b0 [ 129.958371] ret_from_fork+0x24/0x30 [ 129.958555] Dumping ftrace buffer: [ 129.958585] (ftrace buffer empty) [ 129.958589] Kernel Offset: disabled [ 131.166812] Rebooting in 86400 seconds..