[....] Starting enhanced syslogd: rsyslogd[ 11.213133] audit: type=1400 audit(1514319380.874:5): avc: denied { syslog } for pid=2991 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.295590] audit: type=1400 audit(1514319387.957:6): avc: denied { map } for pid=3132 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-kasan-gce-386-2,10.128.0.37' (ECDSA) to the list of known hosts. [ 28.295156] audit: type=1400 audit(1514319397.956:7): avc: denied { map } for pid=3147 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2017/12/26 20:16:38 parsed 1 programs 2017/12/26 20:16:38 executed programs: 0 [ 28.395120] audit: type=1400 audit(1514319398.056:8): avc: denied { map } for pid=3147 comm="syz-execprog" path="/root/syzkaller-shm888694432" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 28.421429] audit: type=1400 audit(1514319398.057:9): avc: denied { sys_admin } for pid=3152 comm="syz-executor4" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 28.489371] audit: type=1400 audit(1514319398.151:10): avc: denied { sys_chroot } for pid=3155 comm="syz-executor4" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 28.495333] binder: send failed reply for transaction 2 to 3171:3172 [ 28.517524] binder: 3171:3173 transaction failed 29189/-22, size 0-0 line 2775 [ 28.521780] binder: BINDER_SET_CONTEXT_MGR already set [ 28.521787] binder: 3174:3175 ioctl 40046207 0 returned -16 [ 28.521869] binder_alloc: 3171: binder_alloc_buf, no vma [ 28.521889] binder: 3174:3175 transaction failed 29189/-3, size 0-0 line 2890 [ 28.522357] binder: undelivered TRANSACTION_COMPLETE [ 28.522364] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.522371] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.529235] binder: send failed reply for transaction 7 to 3174:3176 [ 28.533105] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.533112] binder: undelivered TRANSACTION_COMPLETE [ 28.533116] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.537744] binder: send failed reply for transaction 9 to 3177:3178 [ 28.543888] binder: send failed reply for transaction 11 to 3177:3179 [ 28.544124] binder: undelivered TRANSACTION_COMPLETE [ 28.544130] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.544135] binder: undelivered TRANSACTION_COMPLETE [ 28.544139] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.548604] binder: send failed reply for transaction 13 to 3180:3181 [ 28.556548] binder: send failed reply for transaction 15 to 3180:3182 [ 28.561933] binder: undelivered TRANSACTION_COMPLETE [ 28.561938] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.561944] binder: undelivered TRANSACTION_COMPLETE [ 28.561948] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.566432] binder: send failed reply for transaction 17 to 3183:3184 [ 28.572484] binder: send failed reply for transaction 19 to 3183:3185 [ 28.573755] binder: undelivered TRANSACTION_COMPLETE [ 28.573761] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.573766] binder: undelivered TRANSACTION_COMPLETE [ 28.573770] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.578327] binder: send failed reply for transaction 21 to 3186:3187 [ 28.584381] binder: send failed reply for transaction 23 to 3186:3188 [ 28.584459] binder: undelivered TRANSACTION_COMPLETE [ 28.584464] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.584469] binder: undelivered TRANSACTION_COMPLETE [ 28.584473] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.589047] binder: send failed reply for transaction 25 to 3189:3190 [ 28.595507] binder: send failed reply for transaction 27 to 3189:3191 [ 28.596606] binder: undelivered TRANSACTION_COMPLETE [ 28.596613] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.596621] binder: undelivered TRANSACTION_COMPLETE [ 28.596625] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.601346] binder: send failed reply for transaction 29 to 3192:3193 [ 28.609318] binder: send failed reply for transaction 31 to 3192:3194 [ 28.613987] binder: undelivered TRANSACTION_COMPLETE [ 28.613993] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.613998] binder: undelivered TRANSACTION_COMPLETE [ 28.614023] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.618566] binder: send failed reply for transaction 33 to 3195:3196 [ 28.624217] binder: send failed reply for transaction 35 to 3195:3197 [ 28.624429] binder: undelivered TRANSACTION_COMPLETE [ 28.624435] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.624442] binder: undelivered TRANSACTION_COMPLETE [ 28.624447] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.630127] binder: send failed reply for transaction 37 to 3198:3199 [ 28.636292] binder: send failed reply for transaction 39 to 3198:3200 [ 28.637547] binder: undelivered TRANSACTION_COMPLETE [ 28.637552] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.637557] binder: undelivered TRANSACTION_COMPLETE [ 28.637561] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.864599] audit: type=1400 audit(1514319398.154:11): avc: denied { map } for pid=3171 comm="syz-executor4" path="/dev/binder4" dev="devtmpfs" ino=1079 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 [ 28.889343] audit: type=1400 audit(1514319398.154:12): avc: denied { set_context_mgr } for pid=3171 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 28.912520] audit: type=1400 audit(1514319398.155:13): avc: denied { call } for pid=3171 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 28.950838] binder: send failed reply for transaction 41 to 3201:3202 [ 28.957583] binder_alloc: 3201: binder_alloc_buf, no vma [ 28.963346] binder: 3201:3202 transaction failed 29189/-3, size 0-0 line 2890 [ 28.973075] binder: undelivered TRANSACTION_COMPLETE [ 28.978200] binder: undelivered TRANSACTION_ERROR: 29189 [ 28.981218] binder: BINDER_SET_CONTEXT_MGR already set [ 28.981223] binder: 3204:3205 ioctl 40046207 0 returned -16 [ 28.981262] binder_alloc: 3204: binder_alloc_buf, no vma [ 28.981274] binder: 3204:3206 transaction failed 29189/-3, size 0-0 line 2890 [ 29.007348] binder: undelivered TRANSACTION_ERROR: 29189 [ 29.012836] binder: send failed reply for transaction 45 to 3204:3205 [ 29.021107] binder: undelivered TRANSACTION_COMPLETE [ 29.026210] binder: undelivered TRANSACTION_ERROR: 29189 [ 29.031670] binder: undelivered TRANSACTION_ERROR: 29189 [ 29.059677] binder: send failed reply for transaction 48 to 3207:3208 [ 29.072135] binder: release 3207:3208 transaction 50 out, still active [ 29.075604] binder: BINDER_SET_CONTEXT_MGR already set [ 29.075610] binder: 3210:3211 ioctl 40046207 0 returned -16 [ 29.075671] binder_alloc: 3207: binder_alloc_buf, no vma [ 29.075683] binder: 3210:3211 transaction failed 29189/-3, size 0-0 line 2890 [ 29.080720] binder: BINDER_SET_CONTEXT_MGR already set [ 29.080726] binder: 3210:3211 ioctl 40046207 0 returned -16 [ 29.080765] binder_alloc: 3207: binder_alloc_buf, no vma [ 29.080777] binder: 3210:3212 transaction failed 29189/-3, size 0-0 line 2890 [ 29.126171] binder: undelivered TRANSACTION_COMPLETE [ 29.131332] binder: undelivered TRANSACTION_ERROR: 29189 [ 29.136804] binder: undelivered TRANSACTION_COMPLETE [ 29.141988] binder: send failed reply for transaction 50, target dead [ 29.148902] binder: undelivered TRANSACTION_ERROR: 29189 [ 29.154370] binder: undelivered TRANSACTION_ERROR: 29189 [ 29.188641] binder: send failed reply for transaction 54 to 3213:3214 [ 29.199793] binder: send failed reply for transaction 56 to 3213:3214 [ 29.206414] ------------[ cut here ]------------ [ 29.210236] binder: BINDER_SET_CONTEXT_MGR already set [ 29.210242] binder: 3216:3217 ioctl 40046207 0 returned -16 [ 29.210289] binder_alloc: 3216: binder_alloc_buf, no vma [ 29.210301] binder: 3216:3218 transaction failed 29189/-3, size 0-0 line 2890 [ 29.234829] Unexpected reply error: 29189 [ 29.239074] WARNING: CPU: 1 PID: 23 at drivers/android/binder.c:1924 binder_send_failed_reply+0x13b/0x350 [ 29.248747] Kernel panic - not syncing: panic_on_warn set ... [ 29.248747] [ 29.256076] CPU: 1 PID: 23 Comm: kworker/1:1 Not tainted 4.15.0-rc5+ #147 [ 29.262967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.272298] Workqueue: events binder_deferred_func [ 29.277194] Call Trace: [ 29.279753] dump_stack+0x194/0x257 [ 29.283348] ? arch_local_irq_restore+0x53/0x53 [ 29.287989] ? vsnprintf+0x1ed/0x1900 [ 29.291759] panic+0x1e4/0x41c [ 29.294920] ? refcount_error_report+0x214/0x214 [ 29.299641] ? show_regs_print_info+0x18/0x18 [ 29.304119] ? __warn+0x1c1/0x200 [ 29.307550] ? binder_send_failed_reply+0x13b/0x350 [ 29.312531] __warn+0x1dc/0x200 [ 29.315776] ? console_unlock+0x983/0xd80 [ 29.319890] ? binder_send_failed_reply+0x13b/0x350 [ 29.324875] report_bug+0x211/0x2d0 [ 29.328837] fixup_bug.part.11+0x37/0x80 [ 29.332867] do_error_trap+0x2d7/0x3e0 [ 29.336721] ? __down_trylock_console_sem+0x10d/0x1e0 [ 29.341877] ? math_error+0x400/0x400 [ 29.345640] ? vprintk_emit+0x3ea/0x590 [ 29.349583] ? vprintk_emit+0x3ea/0x590 [ 29.353533] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 29.358347] do_invalid_op+0x1b/0x20 [ 29.362028] invalid_op+0x22/0x40 [ 29.365447] RIP: 0010:binder_send_failed_reply+0x13b/0x350 [ 29.371031] RSP: 0018:ffff8801d9caf128 EFLAGS: 00010286 [ 29.376364] RAX: dffffc0000000008 RBX: ffff8801d6bc1b00 RCX: ffffffff8159b57e [ 29.383600] RDX: 0000000000000000 RSI: 1ffff1003b395de0 RDI: ffff8801d9caee30 [ 29.390837] RBP: ffff8801d9caf150 R08: 1ffff1003b395da2 R09: 0000000000000000 [ 29.398070] R10: ffff8801d9caefa0 R11: 0000000000000000 R12: ffff8801c7c6cac0 [ 29.405306] R13: 0000000000007205 R14: 0000000000007205 R15: 0000000000000c8d [ 29.412554] ? vprintk_func+0x5e/0xc0 [ 29.416328] ? binder_send_failed_reply+0x13b/0x350 [ 29.421312] binder_cleanup_transaction+0xd2/0x140 [ 29.426212] binder_release_work+0x340/0x490 [ 29.430586] ? lock_downgrade+0x980/0x980 [ 29.434703] ? kzalloc.constprop.53+0x20/0x20 [ 29.439168] ? do_raw_spin_trylock+0x190/0x190 [ 29.443718] ? kfree+0xf0/0x260 [ 29.446962] ? binder_deferred_func+0xe8a/0x12f0 [ 29.451687] ? _raw_spin_unlock+0x22/0x30 [ 29.455803] binder_deferred_func+0xdf5/0x12f0 [ 29.460362] ? binder_cleanup_ref_olocked+0xab0/0xab0 [ 29.465518] ? debug_object_deactivate+0x364/0x560 [ 29.470411] ? lock_downgrade+0x980/0x980 [ 29.474529] ? lock_release+0xa40/0xa40 [ 29.478473] ? check_noncircular+0x20/0x20 [ 29.482678] ? lock_acquire+0x1d5/0x580 [ 29.486701] ? lock_acquire+0x1d5/0x580 [ 29.490640] ? process_one_work+0xb01/0x1b10 [ 29.495025] ? __lock_is_held+0xb6/0x140 [ 29.499063] process_one_work+0xbbf/0x1b10 [ 29.503262] ? trace_hardirqs_on+0xd/0x10 [ 29.507383] ? pwq_dec_nr_in_flight+0x450/0x450 [ 29.512024] ? __schedule+0x8f3/0x2060 [ 29.515876] ? update_curr+0x2e3/0xa60 [ 29.519737] ? check_noncircular+0x20/0x20 [ 29.523939] ? __lock_is_held+0xb6/0x140 [ 29.527991] ? lock_acquire+0x1d5/0x580 [ 29.531932] ? lock_acquire+0x1d5/0x580 [ 29.535872] ? worker_thread+0x4a3/0x1990 [ 29.539985] ? lock_downgrade+0x980/0x980 [ 29.544102] ? lock_release+0xa40/0xa40 [ 29.548042] ? worker_pool_assign_id+0x1b0/0x1b0 [ 29.552766] ? do_raw_spin_trylock+0x190/0x190 [ 29.557327] worker_thread+0x223/0x1990 [ 29.561284] ? process_one_work+0x1b10/0x1b10 [ 29.565747] ? _raw_spin_unlock_irq+0x27/0x70 [ 29.570206] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 29.575188] ? trace_hardirqs_on+0xd/0x10 [ 29.579300] ? _raw_spin_unlock_irq+0x27/0x70 [ 29.583767] ? finish_task_switch+0x1d3/0x740 [ 29.588226] ? finish_task_switch+0x1aa/0x740 [ 29.592690] ? copy_overflow+0x20/0x20 [ 29.596554] ? __schedule+0x8f3/0x2060 [ 29.600425] ? find_held_lock+0x35/0x1d0 [ 29.604460] ? find_held_lock+0x35/0x1d0 [ 29.608492] ? complete+0x62/0x80 [ 29.611917] ? __schedule+0x2060/0x2060 [ 29.615855] ? do_wait_intr_irq+0x3e0/0x3e0 [ 29.620139] ? __lockdep_init_map+0xe4/0x650 [ 29.624519] ? do_raw_spin_trylock+0x190/0x190 [ 29.629065] ? lockdep_init_map+0x9/0x10 [ 29.633091] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 29.638159] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 29.643142] ? trace_hardirqs_on+0xd/0x10 [ 29.647255] ? __kthread_parkme+0x175/0x240 [ 29.651543] kthread+0x33c/0x400 [ 29.654876] ? process_one_work+0x1b10/0x1b10 [ 29.659332] ? kthread_stop+0x7a0/0x7a0 [ 29.663273] ret_from_fork+0x24/0x30 [ 29.667135] Dumping ftrace buffer: [ 29.670682] (ftrace buffer empty) [ 29.674359] Kernel Offset: disabled [ 29.677955] Rebooting in 86400 seconds..