[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 16.818861] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 21.159111] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available) [ 21.462517] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available) [ 22.201015] random: sshd: uninitialized urandom read (32 bytes read, 84 bits of entropy available) [ 22.372348] random: sshd: uninitialized urandom read (32 bytes read, 88 bits of entropy available) Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts. [ 27.718432] random: sshd: uninitialized urandom read (32 bytes read, 93 bits of entropy available) 2018/01/12 21:21:26 parsed 1 programs 2018/01/12 21:21:26 executed programs: 0 [ 27.982840] IPVS: Creating netns size=2552 id=1 [ 28.008073] audit: type=1400 audit(1515792087.049:5): avc: denied { set_context_mgr } for pid=3351 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 28.032138] audit: type=1400 audit(1515792087.079:6): avc: denied { call } for pid=3351 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 28.058031] IPVS: Creating netns size=2552 id=2 [ 28.065131] binder: send failed reply for transaction 1 to 3351:3354 [ 28.076590] binder_alloc: 3351: binder_alloc_buf, no vma [ 28.088460] binder: 3351:3352 transaction failed 29189/-3, size 0-0 line 3128 [ 28.091984] binder: send failed reply for transaction 6 to 3357:3358 [ 28.104547] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.109331] IPVS: Creating netns size=2552 id=3 [ 28.118345] binder: undelivered TRANSACTION_COMPLETE [ 28.126565] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.133447] binder: send failed reply for transaction 8 to 3357:3358 [ 28.139939] ------------[ cut here ]------------ [ 28.144771] WARNING: CPU: 1 PID: 19 at drivers/android/binder.c:2152 binder_send_failed_reply+0x147/0x3a0() [ 28.154661] Unexpected reply error: 29189 [ 28.158953] Kernel panic - not syncing: panic_on_warn set ... [ 28.158953] [ 28.161974] binder: BINDER_SET_CONTEXT_MGR already set [ 28.161980] binder: 3367:3369 ioctl 40046207 0 returned -16 [ 28.163172] binder: 3367:3368 got new transaction with bad transaction stack, transaction 10 has target 3367:0 [ 28.163185] binder: 3367:3368 transaction failed 29201/-71, size 0-0 line 3032 [ 28.165202] binder: BINDER_SET_CONTEXT_MGR already set [ 28.165207] binder: 3362:3371 ioctl 40046207 0 returned -16 [ 28.166375] binder: 3362:3365 got new transaction with bad transaction stack, transaction 12 has target 3362:0 [ 28.166385] binder: 3362:3365 transaction failed 29201/-71, size 0-0 line 3032 [ 28.188975] binder: BINDER_SET_CONTEXT_MGR already set [ 28.188981] binder: 3373:3374 ioctl 40046207 0 returned -16 [ 28.189184] binder_alloc: 3362: binder_alloc_buf, no vma [ 28.189221] binder: 3373:3374 transaction failed 29189/-3, size 0-0 line 3128 [ 28.196112] binder: BINDER_SET_CONTEXT_MGR already set [ 28.196118] binder: 3372:3376 ioctl 40046207 0 returned -16 [ 28.196271] binder: BINDER_SET_CONTEXT_MGR already set [ 28.196276] binder: 3373:3375 ioctl 40046207 0 returned -16 [ 28.196456] binder_alloc: 3367: binder_alloc_buf, no vma [ 28.196493] binder: 3372:3376 transaction failed 29189/-3, size 0-0 line 3128 [ 28.203216] binder: BINDER_SET_CONTEXT_MGR already set [ 28.203222] binder: 3372:3377 ioctl 40046207 0 returned -16 [ 28.219671] binder: BINDER_SET_CONTEXT_MGR already set [ 28.219677] binder: 3378:3379 ioctl 40046207 0 returned -16 [ 28.219884] binder_alloc: 3362: binder_alloc_buf, no vma [ 28.219921] binder: 3378:3379 transaction failed 29189/-3, size 0-0 line 3128 [ 28.226722] binder: BINDER_SET_CONTEXT_MGR already set [ 28.226728] binder: 3380:3382 ioctl 40046207 0 returned -16 [ 28.226943] binder_alloc: 3367: binder_alloc_buf, no vma [ 28.226981] binder: 3380:3382 transaction failed 29189/-3, size 0-0 line 3128 [ 28.227148] binder: BINDER_SET_CONTEXT_MGR already set [ 28.227153] binder: 3378:3381 ioctl 40046207 0 returned -16 [ 28.234523] binder: BINDER_SET_CONTEXT_MGR already set [ 28.234529] binder: 3380:3383 ioctl 40046207 0 returned -16 [ 28.250421] binder: BINDER_SET_CONTEXT_MGR already set [ 28.250428] binder: 3384:3385 ioctl 40046207 0 returned -16 [ 28.250634] binder_alloc: 3362: binder_alloc_buf, no vma [ 28.250671] binder: 3384:3385 transaction failed 29189/-3, size 0-0 line 3128 [ 28.258038] binder: BINDER_SET_CONTEXT_MGR already set [ 28.258044] binder: 3386:3388 ioctl 40046207 0 returned -16 [ 28.258185] binder_alloc: 3367: binder_alloc_buf, no vma [ 28.258221] binder: 3386:3388 transaction failed 29189/-3, size 0-0 line 3128 [ 28.258576] binder: BINDER_SET_CONTEXT_MGR already set [ 28.258581] binder: 3384:3387 ioctl 40046207 0 returned -16 [ 28.268133] binder: BINDER_SET_CONTEXT_MGR already set [ 28.268139] binder: 3386:3389 ioctl 40046207 0 returned -16 [ 28.277493] binder: BINDER_SET_CONTEXT_MGR already set [ 28.277503] binder: 3391:3392 ioctl 40046207 0 returned -16 [ 28.277679] binder_alloc: 3362: binder_alloc_buf, no vma [ 28.277717] binder: 3391:3392 transaction failed 29189/-3, size 0-0 line 3128 [ 28.289246] binder: BINDER_SET_CONTEXT_MGR already set [ 28.289252] binder: 3391:3393 ioctl 40046207 0 returned -16 [ 28.290270] binder: BINDER_SET_CONTEXT_MGR already set [ 28.290275] binder: 3394:3395 ioctl 40046207 0 returned -16 [ 28.290535] binder_alloc: 3367: binder_alloc_buf, no vma [ 28.290572] binder: 3394:3395 transaction failed 29189/-3, size 0-0 line 3128 [ 28.297103] binder: BINDER_SET_CONTEXT_MGR already set [ 28.297109] binder: 3394:3397 ioctl 40046207 0 returned -16 [ 28.313701] binder: BINDER_SET_CONTEXT_MGR already set [ 28.313708] binder: 3363:3398 ioctl 40046207 0 returned -16 [ 28.315430] binder: 3363:3364 got new transaction with bad transaction stack, transaction 22 has target 3363:0 [ 28.315439] binder: 3363:3364 transaction failed 29201/-71, size 0-0 line 3032 [ 28.527731] CPU: 1 PID: 19 Comm: kworker/u4:1 Not tainted 4.4.111-g7902639 #18 [ 28.535054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.544386] Workqueue: binder binder_deferred_func [ 28.549401] 0000000000000000 dbf215351dd4f9c2 ffff8801d98ff910 ffffffff81d0509d [ 28.557361] ffffffff83842f60 ffff8801d98ff9e8 ffffffff83c74d80 0000000000000009 [ 28.565311] 0000000000000868 ffff8801d98ff9d8 ffffffff81419a3a 0000000041b58ab3 [ 28.573298] Call Trace: [ 28.575871] [] dump_stack+0xc1/0x124 [ 28.581229] [] panic+0x1aa/0x388 [ 28.586214] [] ? percpu_up_read.constprop.45+0xe1/0xe1 [ 28.593112] [] ? warn_slowpath_common+0x10a/0x140 [ 28.599568] [] warn_slowpath_common+0x125/0x140 [ 28.605873] [] ? binder_send_failed_reply+0x147/0x3a0 [ 28.612678] [] warn_slowpath_fmt+0xc1/0x110 [ 28.618612] [] ? warn_slowpath_common+0x140/0x140 [ 28.625070] [] ? _binder_inner_proc_lock+0x2c/0x50 [ 28.631615] [] binder_send_failed_reply+0x147/0x3a0 [ 28.638254] [] binder_cleanup_transaction+0xd2/0x140 [ 28.644975] [] binder_release_work+0x192/0x260 [ 28.651181] [] ? _raw_spin_unlock+0x2c/0x50 [ 28.657124] [] binder_deferred_func+0x9aa/0xd10 [ 28.663410] [] ? __lock_is_held+0xa1/0xf0 [ 28.669173] [] process_one_work+0x7d7/0x16e0 [ 28.675204] [] ? process_one_work+0x6f7/0x16e0 [ 28.681412] [] ? pwq_dec_nr_in_flight+0x280/0x280 [ 28.687872] [] ? worker_thread+0x284/0xfe0 [ 28.693722] [] worker_thread+0xdf/0xfe0 [ 28.699311] [] kthread+0x268/0x300 [ 28.704466] [] ? process_one_work+0x16e0/0x16e0 [ 28.710750] [] ? kthread_create_on_node+0x400/0x400 [ 28.717383] [] ? kthread_create_on_node+0x400/0x400 [ 28.724016] [] ret_from_fork+0x3f/0x70 [ 28.729519] [] ? kthread_create_on_node+0x400/0x400 [ 28.736659] Dumping ftrace buffer: [ 28.740216] (ftrace buffer empty) [ 28.743901] Kernel Offset: disabled [ 28.747519] Rebooting in 86400 seconds..