[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 16.316187] random: sshd: uninitialized urandom read (32 bytes read, 31 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.402779] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available) [ 22.693902] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available) [ 23.417125] random: sshd: uninitialized urandom read (32 bytes read, 78 bits of entropy available) [ 30.695596] random: sshd: uninitialized urandom read (32 bytes read, 86 bits of entropy available) Warning: Permanently added '10.128.15.211' (ECDSA) to the list of known hosts. [ 36.015841] random: sshd: uninitialized urandom read (32 bytes read, 88 bits of entropy available) 2018/01/01 23:31:01 parsed 1 programs 2018/01/01 23:31:01 executed programs: 0 [ 36.254996] IPVS: Creating netns size=2552 id=1 [ 36.289738] IPVS: Creating netns size=2552 id=2 [ 36.312477] audit: type=1400 audit(1514849461.615:5): avc: denied { set_context_mgr } for pid=3343 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 36.336236] audit: type=1400 audit(1514849461.645:6): avc: denied { call } for pid=3343 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 36.338632] IPVS: Creating netns size=2552 id=3 [ 36.369129] binder: send failed reply for transaction 1 to 3343:3347 [ 36.372200] IPVS: Creating netns size=2552 id=4 [ 36.385510] binder: send failed reply for transaction 4 to 3343:3347 [ 36.392078] ------------[ cut here ]------------ [ 36.396593] binder: BINDER_SET_CONTEXT_MGR already set [ 36.396598] binder: 3350:3352 ioctl 40046207 0 returned -16 [ 36.396659] binder_alloc: 3350: binder_alloc_buf, no vma [ 36.396684] binder: 3350:3353 transaction failed 29189/-3, size 0-0 line 3128 [ 36.400330] binder: BINDER_SET_CONTEXT_MGR already set [ 36.400335] binder: 3354:3355 ioctl 40046207 0 returned -16 [ 36.400394] binder_alloc: 3354: binder_alloc_buf, no vma [ 36.400418] binder: 3354:3356 transaction failed 29189/-3, size 0-0 line 3128 [ 36.403608] binder: BINDER_SET_CONTEXT_MGR already set [ 36.403613] binder: 3358:3360 ioctl 40046207 0 returned -16 [ 36.403711] binder_alloc: 3350: binder_alloc_buf, no vma [ 36.403735] binder: 3358:3360 transaction failed 29189/-3, size 0-0 line 3128 [ 36.404152] binder: BINDER_SET_CONTEXT_MGR already set [ 36.404156] binder: 3351:3357 ioctl 40046207 0 returned -16 [ 36.404219] binder_alloc: 3351: binder_alloc_buf, no vma [ 36.404241] binder: 3351:3359 transaction failed 29189/-3, size 0-0 line 3128 [ 36.405021] binder: BINDER_SET_CONTEXT_MGR already set [ 36.405025] binder: 3361:3363 ioctl 40046207 0 returned -16 [ 36.406690] binder: BINDER_SET_CONTEXT_MGR already set [ 36.406694] binder: 3358:3360 ioctl 40046207 0 returned -16 [ 36.406758] binder_alloc: 3350: binder_alloc_buf, no vma [ 36.406781] binder: 3358:3362 transaction failed 29189/-3, size 0-0 line 3128 [ 36.407531] binder_alloc: 3354: binder_alloc_buf, no vma [ 36.407554] binder: 3361:3363 transaction failed 29189/-3, size 0-0 line 3128 [ 36.410599] binder: BINDER_SET_CONTEXT_MGR already set [ 36.410603] binder: 3366:3367 ioctl 40046207 0 returned -16 [ 36.410694] binder_alloc: 3350: binder_alloc_buf, no vma [ 36.410746] binder: 3366:3367 transaction failed 29189/-3, size 0-0 line 3128 [ 36.411038] binder: BINDER_SET_CONTEXT_MGR already set [ 36.411041] binder: 3361:3363 ioctl 40046207 0 returned -16 [ 36.411103] binder_alloc: 3354: binder_alloc_buf, no vma [ 36.411125] binder: 3361:3365 transaction failed 29189/-3, size 0-0 line 3128 [ 36.412028] binder: BINDER_SET_CONTEXT_MGR already set [ 36.412032] binder: 3364:3369 ioctl 40046207 0 returned -16 [ 36.412114] binder_alloc: 3351: binder_alloc_buf, no vma [ 36.412137] binder: 3364:3369 transaction failed 29189/-3, size 0-0 line 3128 [ 36.414520] binder: BINDER_SET_CONTEXT_MGR already set [ 36.414525] binder: 3366:3367 ioctl 40046207 0 returned -16 [ 36.414588] binder_alloc: 3350: binder_alloc_buf, no vma [ 36.414611] binder: 3366:3368 transaction failed 29189/-3, size 0-0 line 3128 [ 36.415494] binder: BINDER_SET_CONTEXT_MGR already set [ 36.415498] binder: 3370:3372 ioctl 40046207 0 returned -16 [ 36.415581] binder_alloc: 3354: binder_alloc_buf, no vma [ 36.415604] binder: 3370:3372 transaction failed 29189/-3, size 0-0 line 3128 [ 36.419199] binder: BINDER_SET_CONTEXT_MGR already set [ 36.419203] binder: 3364:3369 ioctl 40046207 0 returned -16 [ 36.419268] binder_alloc: 3351: binder_alloc_buf, no vma [ 36.419291] binder: 3364:3371 transaction failed 29189/-3, size 0-0 line 3128 [ 36.420251] binder: BINDER_SET_CONTEXT_MGR already set [ 36.420255] binder: 3374:3376 ioctl 40046207 0 returned -16 [ 36.420339] binder_alloc: 3350: binder_alloc_buf, no vma [ 36.422315] binder: 3374:3376 transaction failed 29189/-3, size 0-0 line 3128 [ 36.422895] binder: BINDER_SET_CONTEXT_MGR already set [ 36.422899] binder: 3370:3372 ioctl 40046207 0 returned -16 [ 36.422961] binder_alloc: 3354: binder_alloc_buf, no vma [ 36.422984] binder: 3370:3375 transaction failed 29189/-3, size 0-0 line 3128 [ 36.423540] binder: BINDER_SET_CONTEXT_MGR already set [ 36.423543] binder: 3377:3379 ioctl 40046207 0 returned -16 [ 36.423626] binder_alloc: 3351: binder_alloc_buf, no vma [ 36.423693] binder: 3377:3379 transaction failed 29189/-3, size 0-0 line 3128 [ 36.426749] binder: BINDER_SET_CONTEXT_MGR already set [ 36.426753] binder: 3374:3376 ioctl 40046207 0 returned -16 [ 36.426817] binder_alloc: 3350: binder_alloc_buf, no vma [ 36.426841] binder: 3374:3378 transaction failed 29189/-3, size 0-0 line 3128 [ 36.427440] binder: BINDER_SET_CONTEXT_MGR already set [ 36.427444] binder: 3377:3379 ioctl 40046207 0 returned -16 [ 36.427506] binder_alloc: 3351: binder_alloc_buf, no vma [ 36.427529] binder: 3377:3380 transaction failed 29189/-3, size 0-0 line 3128 [ 36.431665] binder: BINDER_SET_CONTEXT_MGR already set [ 36.431669] binder: 3381:3383 ioctl 40046207 0 returned -16 [ 36.431760] binder_alloc: 3354: binder_alloc_buf, no vma [ 36.431783] binder: 3381:3383 transaction failed 29189/-3, size 0-0 line 3128 [ 36.432823] binder: BINDER_SET_CONTEXT_MGR already set [ 36.432827] binder: 3384:3387 ioctl 40046207 0 returned -16 [ 36.432908] binder_alloc: 3350: binder_alloc_buf, no vma [ 36.432931] binder: 3384:3387 transaction failed 29189/-3, size 0-0 line 3128 [ 36.434855] binder: BINDER_SET_CONTEXT_MGR already set [ 36.434859] binder: 3381:3383 ioctl 40046207 0 returned -16 [ 36.434922] binder_alloc: 3354: binder_alloc_buf, no vma [ 36.434945] binder: 3381:3386 transaction failed 29189/-3, size 0-0 line 3128 [ 36.435726] binder: BINDER_SET_CONTEXT_MGR already set [ 36.435730] binder: 3384:3387 ioctl 40046207 0 returned -16 [ 36.435804] binder_alloc: 3350: binder_alloc_buf, no vma [ 36.435826] binder: 3384:3388 transaction failed 29189/-3, size 0-0 line 3128 [ 36.435916] binder: BINDER_SET_CONTEXT_MGR already set [ 36.435919] binder: 3373:3382 ioctl 40046207 0 returned -16 [ 36.435987] binder_alloc: 3373: binder_alloc_buf, no vma [ 36.436008] binder: 3373:3385 transaction failed 29189/-3, size 0-0 line 3128 [ 36.442121] binder: BINDER_SET_CONTEXT_MGR already set [ 36.442125] binder: 3391:3392 ioctl 40046207 0 returned -16 [ 36.442210] binder_alloc: 3373: binder_alloc_buf, no vma [ 36.442233] binder: 3391:3392 transaction failed 29189/-3, size 0-0 line 3128 [ 36.443295] binder: BINDER_SET_CONTEXT_MGR already set [ 36.443298] binder: 3390:3394 ioctl 40046207 0 returned -16 [ 36.443384] binder_alloc: 3351: binder_alloc_buf, no vma [ 36.443407] binder: 3390:3394 transaction failed 29189/-3, size 0-0 line 3128 [ 36.445043] binder: BINDER_SET_CONTEXT_MGR already set [ 36.445047] binder: 3391:3392 ioctl 40046207 0 returned -16 [ 36.445109] binder_alloc: 3373: binder_alloc_buf, no vma [ 36.445132] binder: 3391:3393 transaction failed 29189/-3, size 0-0 line 3128 [ 36.447221] binder: BINDER_SET_CONTEXT_MGR already set [ 36.447225] binder: 3390:3394 ioctl 40046207 0 returned -16 [ 36.447770] binder_alloc: 3351: binder_alloc_buf, no vma [ 36.447794] binder: 3390:3395 transaction failed 29189/-3, size 0-0 line 3128 [ 37.011058] WARNING: CPU: 1 PID: 129 at drivers/android/binder.c:2152 binder_send_failed_reply+0x147/0x3a0() [ 37.011061] Unexpected reply error: 29189 [ 37.011160] Kernel panic - not syncing: panic_on_warn set ... [ 37.011160] [ 37.011165] CPU: 1 PID: 129 Comm: kworker/u4:2 Not tainted 4.4.107-g610c835 #4 [ 37.011167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.011175] Workqueue: binder binder_deferred_func [ 37.011181] 0000000000000000 b2e2017ff4ea069f ffff8800bb8ff910 ffffffff81d0457d [ 37.011185] ffffffff838429a0 ffff8800bb8ff9e8 ffffffff83c74a40 0000000000000009 [ 37.011189] 0000000000000868 ffff8800bb8ff9d8 ffffffff8141774a 0000000041b58ab3 [ 37.011190] Call Trace: [ 37.011198] [] dump_stack+0xc1/0x124 [ 37.011204] [] panic+0x1aa/0x388 [ 37.011208] [] ? percpu_up_read.constprop.45+0xe1/0xe1 [ 37.011213] [] ? warn_slowpath_common+0x10a/0x140 [ 37.011216] [] warn_slowpath_common+0x125/0x140 [ 37.011220] [] ? binder_send_failed_reply+0x147/0x3a0 [ 37.011223] [] warn_slowpath_fmt+0xc1/0x110 [ 37.011226] [] ? warn_slowpath_common+0x140/0x140 [ 37.011230] [] ? _binder_inner_proc_lock+0x2c/0x50 [ 37.011234] [] binder_send_failed_reply+0x147/0x3a0 [ 37.011238] [] binder_cleanup_transaction+0xd2/0x140 [ 37.011242] [] binder_release_work+0x192/0x260 [ 37.011246] [] ? _raw_spin_unlock+0x2c/0x50 [ 37.011249] [] binder_deferred_func+0x9aa/0xd10 [ 37.011254] [] ? __lock_is_held+0xa1/0xf0 [ 37.011259] [] process_one_work+0x7d7/0x16e0 [ 37.011262] [] ? process_one_work+0x6f7/0x16e0 [ 37.011266] [] ? pwq_dec_nr_in_flight+0x280/0x280 [ 37.011269] [] ? worker_thread+0x284/0xfe0 [ 37.011272] [] worker_thread+0xdf/0xfe0 [ 37.011277] [] kthread+0x268/0x300 [ 37.011280] [] ? process_one_work+0x16e0/0x16e0 [ 37.011284] [] ? kthread_create_on_node+0x400/0x400 [ 37.011288] [] ? kthread_create_on_node+0x400/0x400 [ 37.011292] [] ret_from_fork+0x3f/0x70 [ 37.011296] [] ? kthread_create_on_node+0x400/0x400 [ 37.021407] Dumping ftrace buffer: [ 37.021439] (ftrace buffer empty) [ 37.021442] Kernel Offset: disabled [ 37.250415] Rebooting in 86400 seconds..