[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 15.737046] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 21.253620] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available) [ 21.599515] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available) [ 22.354921] random: sshd: uninitialized urandom read (32 bytes read, 90 bits of entropy available) [ 26.802685] random: sshd: uninitialized urandom read (32 bytes read, 100 bits of entropy available) Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts. [ 32.154051] random: sshd: uninitialized urandom read (32 bytes read, 102 bits of entropy available) 2018/01/02 16:01:56 parsed 1 programs 2018/01/02 16:01:56 executed programs: 0 [ 32.416638] IPVS: Creating netns size=2552 id=1 [ 32.439316] audit: type=1400 audit(1514908916.063:5): avc: denied { set_context_mgr } for pid=3338 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 32.466564] audit: type=1400 audit(1514908916.093:6): avc: denied { call } for pid=3338 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 32.491364] IPVS: Creating netns size=2552 id=2 [ 32.503230] binder: send failed reply for transaction 2 to 3338:3339 [ 32.526278] binder: release 3338:3339 transaction 4 out, still active [ 32.535122] binder: undelivered TRANSACTION_COMPLETE [ 32.537938] binder: BINDER_SET_CONTEXT_MGR already set [ 32.537943] binder: 3348:3349 ioctl 40046207 0 returned -16 [ 32.539785] binder_alloc: 3338: binder_alloc_buf, no vma [ 32.539810] binder: 3348:3349 transaction failed 29189/-3, size 0-0 line 3128 [ 32.543387] binder: BINDER_SET_CONTEXT_MGR already set [ 32.543391] binder: 3343:3346 ioctl 40046207 0 returned -16 [ 32.549491] binder: 3343:3344 got new transaction with bad transaction stack, transaction 6 has target 3343:0 [ 32.549498] binder: 3343:3344 transaction failed 29201/-71, size 0-0 line 3032 [ 32.550765] binder: BINDER_SET_CONTEXT_MGR already set [ 32.550768] binder: 3348:3351 ioctl 40046207 0 returned -16 [ 32.569994] binder: BINDER_SET_CONTEXT_MGR already set [ 32.569999] binder: 3352:3353 ioctl 40046207 0 returned -16 [ 32.571199] binder_alloc: 3343: binder_alloc_buf, no vma [ 32.571223] binder: 3352:3353 transaction failed 29189/-3, size 0-0 line 3128 [ 32.574286] binder: BINDER_SET_CONTEXT_MGR already set [ 32.574290] binder: 3354:3356 ioctl 40046207 0 returned -16 [ 32.575961] binder_alloc: 3338: binder_alloc_buf, no vma [ 32.575984] binder: 3354:3356 transaction failed 29189/-3, size 0-0 line 3128 [ 32.585413] binder: BINDER_SET_CONTEXT_MGR already set [ 32.585418] binder: 3354:3357 ioctl 40046207 0 returned -16 [ 32.587586] binder: BINDER_SET_CONTEXT_MGR already set [ 32.587590] binder: 3352:3355 ioctl 40046207 0 returned -16 [ 32.610711] binder: BINDER_SET_CONTEXT_MGR already set [ 32.610715] binder: 3358:3359 ioctl 40046207 0 returned -16 [ 32.611926] binder_alloc: 3338: binder_alloc_buf, no vma [ 32.611950] binder: 3358:3359 transaction failed 29189/-3, size 0-0 line 3128 [ 32.614522] binder: BINDER_SET_CONTEXT_MGR already set [ 32.614526] binder: 3360:3362 ioctl 40046207 0 returned -16 [ 32.616170] binder_alloc: 3343: binder_alloc_buf, no vma [ 32.616194] binder: 3360:3362 transaction failed 29189/-3, size 0-0 line 3128 [ 32.625073] binder: BINDER_SET_CONTEXT_MGR already set [ 32.625078] binder: 3360:3363 ioctl 40046207 0 returned -16 [ 32.627381] binder: BINDER_SET_CONTEXT_MGR already set [ 32.627385] binder: 3358:3361 ioctl 40046207 0 returned -16 [ 32.650584] binder: BINDER_SET_CONTEXT_MGR already set [ 32.650589] binder: 3364:3366 ioctl 40046207 0 returned -16 [ 32.651799] binder_alloc: 3343: binder_alloc_buf, no vma [ 32.651822] binder: 3364:3366 transaction failed 29189/-3, size 0-0 line 3128 [ 32.654418] binder: BINDER_SET_CONTEXT_MGR already set [ 32.654422] binder: 3365:3367 ioctl 40046207 0 returned -16 [ 32.655673] binder_alloc: 3338: binder_alloc_buf, no vma [ 32.655697] binder: 3365:3367 transaction failed 29189/-3, size 0-0 line 3128 [ 32.664578] binder: BINDER_SET_CONTEXT_MGR already set [ 32.664583] binder: 3364:3368 ioctl 40046207 0 returned -16 [ 32.668159] binder: BINDER_SET_CONTEXT_MGR already set [ 32.668163] binder: 3365:3369 ioctl 40046207 0 returned -16 [ 32.689721] binder: BINDER_SET_CONTEXT_MGR already set [ 32.689725] binder: 3370:3371 ioctl 40046207 0 returned -16 [ 32.690926] binder_alloc: 3343: binder_alloc_buf, no vma [ 32.690950] binder: 3370:3371 transaction failed 29189/-3, size 0-0 line 3128 [ 32.695324] binder: BINDER_SET_CONTEXT_MGR already set [ 32.695329] binder: 3372:3374 ioctl 40046207 0 returned -16 [ 32.696979] binder_alloc: 3338: binder_alloc_buf, no vma [ 32.697003] binder: 3372:3374 transaction failed 29189/-3, size 0-0 line 3128 [ 32.700565] binder: BINDER_SET_CONTEXT_MGR already set [ 32.700569] binder: 3370:3373 ioctl 40046207 0 returned -16 [ 32.707463] binder: BINDER_SET_CONTEXT_MGR already set [ 32.707468] binder: 3372:3375 ioctl 40046207 0 returned -16 [ 32.881971] IPVS: Creating netns size=2552 id=3 [ 32.885624] binder: undelivered TRANSACTION_ERROR: 29189 [ 32.885647] binder: undelivered TRANSACTION_ERROR: 29189 [ 32.886332] binder: undelivered TRANSACTION_ERROR: 29189 [ 32.886354] binder: undelivered TRANSACTION_ERROR: 29189 [ 32.886702] binder: undelivered TRANSACTION_ERROR: 29189 [ 32.886722] binder: undelivered TRANSACTION_ERROR: 29189 [ 32.887076] binder: undelivered TRANSACTION_ERROR: 29189 [ 32.887098] binder: undelivered TRANSACTION_ERROR: 29189 [ 32.887443] binder: undelivered TRANSACTION_ERROR: 29189 [ 32.887467] binder: release 3343:3344 transaction 6 out, still active [ 32.887469] binder: undelivered TRANSACTION_COMPLETE [ 32.887477] binder: undelivered TRANSACTION_ERROR: 29201 [ 32.887762] binder: send failed reply for transaction 6, target dead [ 32.892202] binder: send failed reply for transaction 4, target dead [ 32.897568] binder: undelivered TRANSACTION_COMPLETE [ 32.897576] binder: undelivered TRANSACTION_ERROR: 29189 [ 33.001610] binder: send failed reply for transaction 18 to 3378:3379 [ 33.008523] binder: release 3378:3379 transaction 20 out, still active [ 33.010994] IPVS: Creating netns size=2552 id=4 [ 33.021503] binder: undelivered TRANSACTION_COMPLETE [ 33.026672] binder: undelivered TRANSACTION_COMPLETE [ 33.031890] binder: undelivered TRANSACTION_ERROR: 29189 [ 33.037428] binder: send failed reply for transaction 20, target dead [ 33.044084] binder: send failed reply for transaction 22 to 3381:3382 [ 33.055165] IPVS: Creating netns size=2552 id=5 [ 33.064551] binder: send failed reply for transaction 24 to 3381:3382 [ 33.071146] ------------[ cut here ]------------ [ 33.075949] WARNING: CPU: 1 PID: 19 at drivers/android/binder.c:2152 binder_send_failed_reply+0x147/0x3a0() [ 33.085809] Unexpected reply error: 29189 [ 33.090028] Kernel panic - not syncing: panic_on_warn set ... [ 33.090028] [ 33.091653] binder: BINDER_SET_CONTEXT_MGR already set [ 33.091657] binder: 3388:3390 ioctl 40046207 0 returned -16 [ 33.096778] binder: 3388:3389 got new transaction with bad transaction stack, transaction 26 has target 3388:0 [ 33.096785] binder: 3388:3389 transaction failed 29201/-71, size 0-0 line 3032 [ 33.098047] binder: BINDER_SET_CONTEXT_MGR already set [ 33.098051] binder: 3386:3391 ioctl 40046207 0 returned -16 [ 33.102899] binder: 3386:3387 got new transaction with bad transaction stack, transaction 28 has target 3386:0 [ 33.102906] binder: 3386:3387 transaction failed 29201/-71, size 0-0 line 3032 [ 33.129506] binder: BINDER_SET_CONTEXT_MGR already set [ 33.129511] binder: 3396:3401 ioctl 40046207 0 returned -16 [ 33.133137] binder_alloc: 3388: binder_alloc_buf, no vma [ 33.133161] binder: 3396:3401 transaction failed 29189/-3, size 0-0 line 3128 [ 33.135321] binder: BINDER_SET_CONTEXT_MGR already set [ 33.135325] binder: 3395:3399 ioctl 40046207 0 returned -16 [ 33.135453] binder: BINDER_SET_CONTEXT_MGR already set [ 33.135456] binder: 3394:3400 ioctl 40046207 0 returned -16 [ 33.142696] binder: 3395:3398 got new transaction with bad transaction stack, transaction 33 has target 3395:0 [ 33.142703] binder: 3395:3398 transaction failed 29201/-71, size 0-0 line 3032 [ 33.142786] binder: 3394:3397 got new transaction with bad transaction stack, transaction 34 has target 3394:0 [ 33.142791] binder: 3394:3397 transaction failed 29201/-71, size 0-0 line 3032 [ 33.145514] binder: BINDER_SET_CONTEXT_MGR already set [ 33.145520] binder: 3396:3402 ioctl 40046207 0 returned -16 [ 33.245416] CPU: 1 PID: 19 Comm: kworker/u4:1 Not tainted 4.4.107-g610c835 #12 [ 33.252738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.262081] Workqueue: binder binder_deferred_func [ 33.267086] 0000000000000000 e8557694bf4c3df1 ffff8801da3ff910 ffffffff81d0457d [ 33.275031] ffffffff838429a0 ffff8801da3ff9e8 ffffffff83c74a40 0000000000000009 [ 33.282978] 0000000000000868 ffff8801da3ff9d8 ffffffff8141774a 0000000041b58ab3 [ 33.290935] Call Trace: [ 33.293493] [] dump_stack+0xc1/0x124 [ 33.298825] [] panic+0x1aa/0x388 [ 33.303806] [] ? percpu_up_read.constprop.45+0xe1/0xe1 [ 33.310697] [] ? warn_slowpath_common+0x10a/0x140 [ 33.317155] [] warn_slowpath_common+0x125/0x140 [ 33.323456] [] ? binder_send_failed_reply+0x147/0x3a0 [ 33.330259] [] warn_slowpath_fmt+0xc1/0x110 [ 33.336194] [] ? warn_slowpath_common+0x140/0x140 [ 33.342663] [] ? _binder_inner_proc_lock+0x2c/0x50 [ 33.349207] [] binder_send_failed_reply+0x147/0x3a0 [ 33.355835] [] binder_cleanup_transaction+0xd2/0x140 [ 33.362558] [] binder_release_work+0x192/0x260 [ 33.368754] [] ? _raw_spin_unlock+0x2c/0x50 [ 33.374697] [] binder_deferred_func+0x9aa/0xd10 [ 33.380981] [] ? __lock_is_held+0xa1/0xf0 [ 33.386743] [] process_one_work+0x7d7/0x16e0 [ 33.392763] [] ? process_one_work+0x6f7/0x16e0 [ 33.398961] [] ? pwq_dec_nr_in_flight+0x280/0x280 [ 33.405416] [] ? worker_thread+0x284/0xfe0 [ 33.411276] [] worker_thread+0xdf/0xfe0 [ 33.416867] [] ? __schedule+0xa99/0x1c70 [ 33.422548] [] ? preempt_schedule+0x24/0x30 [ 33.428484] [] ? ___preempt_schedule+0x12/0x14 [ 33.434690] [] kthread+0x268/0x300 [ 33.439843] [] ? process_one_work+0x16e0/0x16e0 [ 33.446124] [] ? kthread_create_on_node+0x400/0x400 [ 33.452754] [] ? kthread_create_on_node+0x400/0x400 [ 33.459382] [] ret_from_fork+0x3f/0x70 [ 33.464883] [] ? kthread_create_on_node+0x400/0x400 [ 33.471666] Dumping ftrace buffer: [ 33.475214] (ftrace buffer empty) [ 33.478891] Kernel Offset: disabled [ 33.482513] Rebooting in 86400 seconds..