[ 16.721305] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.507079] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available) [ 20.816181] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available) [ 21.713933] random: sshd: uninitialized urandom read (32 bytes read, 100 bits of entropy available) [ 41.582048] random: sshd: uninitialized urandom read (32 bytes read, 112 bits of entropy available) Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. [ 46.896132] random: sshd: uninitialized urandom read (32 bytes read, 115 bits of entropy available) 2018/01/14 09:21:54 parsed 1 programs 2018/01/14 09:21:54 executed programs: 0 [ 47.195683] IPVS: Creating netns size=2552 id=1 [ 47.219281] IPVS: Creating netns size=2552 id=2 [ 47.243914] IPVS: Creating netns size=2552 id=3 [ 47.270608] audit: type=1400 audit(1515921714.888:5): avc: denied { set_context_mgr } for pid=3369 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 47.295452] audit: type=1400 audit(1515921714.918:6): avc: denied { call } for pid=3369 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 47.305932] binder: send failed reply for transaction 4 to 3373:3375 [ 47.326760] IPVS: Creating netns size=2552 id=4 [ 47.334839] binder: send failed reply for transaction 6 to 3373:3376 [ 47.343695] binder: BINDER_SET_CONTEXT_MGR already set [ 47.349158] binder: 3369:3372 got new transaction with bad transaction stack, transaction 1 has target 3369:0 [ 47.359375] binder: send failed reply for transaction 1 to 3369:3372 [ 47.359694] binder: 3369:3370 ioctl 40046207 0 returned -16 [ 47.361133] binder: 3369:3372 transaction failed 29201/-71, size 0-0 line 3032 [ 47.383630] binder: undelivered TRANSACTION_COMPLETE [ 47.388949] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.394599] binder: undelivered TRANSACTION_COMPLETE [ 47.399863] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.401442] binder: BINDER_SET_CONTEXT_MGR already set [ 47.401447] binder: 3377:3379 ioctl 40046207 0 returned -16 [ 47.401835] binder: BINDER_SET_CONTEXT_MGR already set [ 47.401839] binder: 3378:3380 ioctl 40046207 0 returned -16 [ 47.401928] binder_alloc: 3378: binder_alloc_buf, no vma [ 47.401951] binder: 3378:3380 transaction failed 29189/-3, size 0-0 line 3128 [ 47.403797] binder_alloc: 3377: binder_alloc_buf, no vma [ 47.403820] binder: 3377:3381 transaction failed 29189/-3, size 0-0 line 3128 [ 47.414113] binder: BINDER_SET_CONTEXT_MGR already set [ 47.414118] binder: 3386:3388 ioctl 40046207 0 returned -16 [ 47.414209] binder_alloc: 3378: binder_alloc_buf, no vma [ 47.414231] binder: 3386:3388 transaction failed 29189/-3, size 0-0 line 3128 [ 47.425438] binder: BINDER_SET_CONTEXT_MGR already set [ 47.425443] binder: 3385:3390 ioctl 40046207 0 returned -16 [ 47.425538] binder_alloc: 3377: binder_alloc_buf, no vma [ 47.425561] binder: 3385:3390 transaction failed 29189/-3, size 0-0 line 3128 [ 47.428142] binder: BINDER_SET_CONTEXT_MGR already set [ 47.428147] binder: 3383:3384 ioctl 40046207 0 returned -16 [ 47.428213] binder_alloc: 3383: binder_alloc_buf, no vma [ 47.428236] binder: 3383:3387 transaction failed 29189/-3, size 0-0 line 3128 [ 47.432658] binder: BINDER_SET_CONTEXT_MGR already set [ 47.432663] binder: 3386:3388 ioctl 40046207 0 returned -16 [ 47.432729] binder_alloc: 3378: binder_alloc_buf, no vma [ 47.432751] binder: 3386:3389 transaction failed 29189/-3, size 0-0 line 3128 [ 47.442117] binder: BINDER_SET_CONTEXT_MGR already set [ 47.442122] binder: 3393:3395 ioctl 40046207 0 returned -16 [ 47.442301] binder_alloc: 3383: binder_alloc_buf, no vma [ 47.442325] binder: 3393:3395 transaction failed 29189/-3, size 0-0 line 3128 [ 47.443045] binder: BINDER_SET_CONTEXT_MGR already set [ 47.443049] binder: 3385:3390 ioctl 40046207 0 returned -16 [ 47.443116] binder_alloc: 3377: binder_alloc_buf, no vma [ 47.443137] binder: 3385:3391 transaction failed 29189/-3, size 0-0 line 3128 [ 47.451281] binder: BINDER_SET_CONTEXT_MGR already set [ 47.451286] binder: 3394:3397 ioctl 40046207 0 returned -16 [ 47.451377] binder_alloc: 3378: binder_alloc_buf, no vma [ 47.451400] binder: 3394:3397 transaction failed 29189/-3, size 0-0 line 3128 [ 47.459464] binder: BINDER_SET_CONTEXT_MGR already set [ 47.459469] binder: 3393:3395 ioctl 40046207 0 returned -16 [ 47.459536] binder_alloc: 3383: binder_alloc_buf, no vma [ 47.459559] binder: 3393:3396 transaction failed 29189/-3, size 0-0 line 3128 [ 47.460202] binder: BINDER_SET_CONTEXT_MGR already set [ 47.460206] binder: 3398:3400 ioctl 40046207 0 returned -16 [ 47.460294] binder_alloc: 3377: binder_alloc_buf, no vma [ 47.460315] binder: 3398:3400 transaction failed 29189/-3, size 0-0 line 3128 [ 47.465703] binder: BINDER_SET_CONTEXT_MGR already set [ 47.465708] binder: 3394:3397 ioctl 40046207 0 returned -16 [ 47.465773] binder_alloc: 3378: binder_alloc_buf, no vma [ 47.465797] binder: 3394:3399 transaction failed 29189/-3, size 0-0 line 3128 [ 47.472739] binder: BINDER_SET_CONTEXT_MGR already set [ 47.472745] binder: 3402:3403 ioctl 40046207 0 returned -16 [ 47.472836] binder_alloc: 3383: binder_alloc_buf, no vma [ 47.472860] binder: 3402:3403 transaction failed 29189/-3, size 0-0 line 3128 [ 47.479847] binder: BINDER_SET_CONTEXT_MGR already set [ 47.479852] binder: 3398:3400 ioctl 40046207 0 returned -16 [ 47.479918] binder_alloc: 3377: binder_alloc_buf, no vma [ 47.479942] binder: 3398:3401 transaction failed 29189/-3, size 0-0 line 3128 [ 47.481805] binder: BINDER_SET_CONTEXT_MGR already set [ 47.481809] binder: 3404:3406 ioctl 40046207 0 returned -16 [ 47.481897] binder_alloc: 3378: binder_alloc_buf, no vma [ 47.481919] binder: 3404:3406 transaction failed 29189/-3, size 0-0 line 3128 [ 47.487828] binder: BINDER_SET_CONTEXT_MGR already set [ 47.487833] binder: 3402:3403 ioctl 40046207 0 returned -16 [ 47.487899] binder_alloc: 3383: binder_alloc_buf, no vma [ 47.487925] binder: 3402:3405 transaction failed 29189/-3, size 0-0 line 3128 [ 47.500875] binder_alloc: 3378: binder_alloc_buf, no vma [ 47.500899] binder: 3404:3407 transaction failed 29189/-3, size 0-0 line 3128 [ 47.500927] binder: BINDER_SET_CONTEXT_MGR already set [ 47.500930] binder: 3404:3406 ioctl 40046207 0 returned -16 [ 47.505745] binder_alloc: 3392: binder_alloc_buf, no vma [ 47.505768] binder: 3392:3409 transaction failed 29189/-3, size 0-0 line 3128 [ 47.505790] binder: BINDER_SET_CONTEXT_MGR already set [ 47.505794] binder: 3392:3408 ioctl 40046207 0 returned -16 [ 47.508397] IPVS: Creating netns size=2552 id=5 [ 47.576461] binder: BINDER_SET_CONTEXT_MGR already set [ 47.576466] binder: 3412:3413 ioctl 40046207 0 returned -16 [ 47.576530] binder_alloc: 3412: binder_alloc_buf, no vma [ 47.576555] binder: 3412:3414 transaction failed 29189/-3, size 0-0 line 3128 [ 47.860097] binder: release 3412:3413 transaction 35 out, still active [ 47.866806] binder: undelivered TRANSACTION_COMPLETE [ 47.871949] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.874576] IPVS: Creating netns size=2552 id=6 [ 47.883602] binder: send failed reply for transaction 35, target dead [ 47.890345] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.895925] binder: release 3392:3408 transaction 31 out, still active [ 47.902666] binder: undelivered TRANSACTION_COMPLETE [ 47.907823] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.913312] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.918834] binder: send failed reply for transaction 31, target dead [ 47.925667] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.929128] IPVS: Creating netns size=2552 id=7 [ 47.936960] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.942595] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.948068] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.953679] binder: send failed reply for transaction 38 to 3418:3419 [ 47.960630] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.966153] binder: undelivered TRANSACTION_ERROR: 29189 [ 47.971684] binder: send failed reply for transaction 40 to 3418:3419 [ 47.974322] IPVS: Creating netns size=2552 id=8 [ 47.983012] ------------[ cut here ]------------ [ 47.987752] WARNING: CPU: 1 PID: 372 at drivers/android/binder.c:2152 binder_send_failed_reply+0x147/0x3a0() [ 47.997729] Unexpected reply error: 29189 [ 48.001935] Kernel panic - not syncing: panic_on_warn set ... [ 48.001935] [ 48.009269] CPU: 1 PID: 372 Comm: kworker/u4:3 Not tainted 4.4.111-g7902639 #25 [ 48.016542] binder: BINDER_SET_CONTEXT_MGR already set [ 48.016547] binder: 3423:3424 ioctl 40046207 0 returned -16 [ 48.016612] binder_alloc: 3423: binder_alloc_buf, no vma [ 48.016636] binder: 3423:3425 transaction failed 29189/-3, size 0-0 line 3128 [ 48.040276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.049612] Workqueue: binder binder_deferred_func [ 48.054628] 0000000000000000 f138b7b52c9f2d2a ffff8801d910f910 ffffffff81d0509d [ 48.062594] ffffffff83842f60 ffff8801d910f9e8 ffffffff83c74d80 0000000000000009 [ 48.070558] 0000000000000868 ffff8801d910f9d8 ffffffff81419a3a 0000000041b58ab3 [ 48.078520] Call Trace: [ 48.081079] [] dump_stack+0xc1/0x124 [ 48.086418] [] panic+0x1aa/0x388 [ 48.091403] [] ? percpu_up_read.constprop.45+0xe1/0xe1 [ 48.098311] [] ? warn_slowpath_common+0x10a/0x140 [ 48.104777] [] warn_slowpath_common+0x125/0x140 [ 48.111065] [] ? binder_send_failed_reply+0x147/0x3a0 [ 48.117874] [] warn_slowpath_fmt+0xc1/0x110 [ 48.123822] [] ? warn_slowpath_common+0x140/0x140 [ 48.130286] [] ? _binder_inner_proc_lock+0x2c/0x50 [ 48.136835] [] binder_send_failed_reply+0x147/0x3a0 [ 48.143471] [] binder_cleanup_transaction+0xd2/0x140 [ 48.150195] [] binder_release_work+0x192/0x260 [ 48.156399] [] ? _raw_spin_unlock+0x2c/0x50 [ 48.162356] [] binder_deferred_func+0x9aa/0xd10 [ 48.168647] [] ? __lock_is_held+0xa1/0xf0 [ 48.174420] [] process_one_work+0x7d7/0x16e0 [ 48.180458] [] ? process_one_work+0x6f7/0x16e0 [ 48.186659] [] ? pwq_dec_nr_in_flight+0x280/0x280 [ 48.193119] [] ? worker_thread+0x284/0xfe0 [ 48.198974] [] worker_thread+0xdf/0xfe0 [ 48.204578] [] ? __schedule+0xa9d/0x1c70 [ 48.210257] [] ? preempt_schedule+0x24/0x30 [ 48.216199] [] ? ___preempt_schedule+0x12/0x14 [ 48.222399] [] kthread+0x268/0x300 [ 48.227560] [] ? process_one_work+0x16e0/0x16e0 [ 48.233846] [] ? kthread_create_on_node+0x400/0x400 [ 48.240483] [] ? kthread_create_on_node+0x400/0x400 [ 48.247119] [] ret_from_fork+0x3f/0x70 [ 48.252633] [] ? kthread_create_on_node+0x400/0x400 [ 48.259729] Dumping ftrace buffer: [ 48.263274] (ftrace buffer empty) [ 48.266955] Kernel Offset: disabled [ 48.270563] Rebooting in 86400 seconds..