[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.805044] audit: type=1400 audit(1520252944.115:4): avc: denied { syslog } for pid=3588 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
2018/03/05 12:29:17 parsed 1 programs
2018/03/05 12:29:17 executed programs: 0
syzkaller login:
[ 27.402917] audit: type=1400 audit(1520252957.715:5): avc: denied { sys_admin } for pid=3750 comm="syz-executor4" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 27.438509] IPVS: Creating netns size=2536 id=1
[ 27.461798] IPVS: Creating netns size=2536 id=2
[ 27.473030] IPVS: Creating netns size=2536 id=3
[ 27.483548] IPVS: Creating netns size=2536 id=4
[ 27.494049] IPVS: Creating netns size=2536 id=5
[ 27.499075] audit: type=1400 audit(1520252957.815:6): avc: denied { sys_chroot } for pid=3753 comm="syz-executor5" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 27.499854] audit: type=1400 audit(1520252957.815:7): avc: denied { net_admin } for pid=3753 comm="syz-executor5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 27.508603] audit: type=1400 audit(1520252957.825:8): avc: denied { set_context_mgr } for pid=3780 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[ 27.509209] binder: 3780:3781 ERROR: BC_REGISTER_LOOPER called without request
[ 27.532163] audit: type=1400 audit(1520252957.845:9): avc: denied { call } for pid=3780 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[ 27.533727] binder: release 3780:3781 transaction 3 out, still active
[ 27.533731] binder: release 3780:3781 transaction 2 in, still active
[ 27.533733] binder: undelivered TRANSACTION_COMPLETE
[ 27.533777] binder: 3780:3781 BC_ACQUIRE_DONE u0000000000000000 node 1 cookie mismatch 0000000000000004 != 0000000000000000
[ 27.533822] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.533826] binder: 3788:3789 ioctl 40046207 0 returned -16
[ 27.534420] binder: 3788:3789 ERROR: BC_REGISTER_LOOPER called without request
[ 27.535406] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.535410] binder: 3784:3790 ioctl 40046207 0 returned -16
[ 27.536020] binder: 3784:3790 ERROR: BC_REGISTER_LOOPER called without request
[ 27.555301] binder: 3780:3787 got new transaction with bad transaction stack, transaction 2 has target 0:0
[ 27.555309] binder: 3780:3787 transaction failed 29201/-71, size 0-0 line 3031
[ 27.557746] binder: 3788:3794 got new transaction with bad transaction stack, transaction 5 has target 3780:0
[ 27.557752] binder: 3788:3794 transaction failed 29201/-71, size 0-0 line 3031
[ 27.557924] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.557928] binder: 3793:3795 ioctl 40046207 0 returned -16
[ 27.558965] binder: release 3788:3794 transaction 5 out, still active
[ 27.558967] binder: undelivered TRANSACTION_COMPLETE
[ 27.558972] binder: undelivered TRANSACTION_ERROR: 29201
[ 27.559002] binder: 3793:3795 ERROR: BC_REGISTER_LOOPER called without request
[ 27.560101] binder: 3788:3794 BC_ACQUIRE_DONE u0000000000000000 no match
[ 27.560167] binder: 3784:3796 got new transaction with bad transaction stack, transaction 7 has target 3780:0
[ 27.560173] binder: 3784:3796 transaction failed 29201/-71, size 0-0 line 3031
[ 27.561256] binder: release 3784:3796 transaction 7 out, still active
[ 27.561258] binder: undelivered TRANSACTION_COMPLETE
[ 27.561262] binder: undelivered TRANSACTION_ERROR: 29201
[ 27.562376] binder: 3784:3796 BC_ACQUIRE_DONE u0000000000000000 no match
[ 27.566953] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.566958] binder: 3780:3797 ioctl 40046207 0 returned -16
[ 27.568083] binder: 3780:3787 ERROR: BC_REGISTER_LOOPER called without request
[ 27.568112] binder_alloc: 3780: binder_alloc_buf, no vma
[ 27.568123] binder: 3780:3797 transaction failed 29189/-3, size 0-0 line 3127
[ 27.569255] binder_alloc: 3780: binder_alloc_buf, no vma
[ 27.569264] binder: 3780:3787 transaction failed 29189/-3, size 0-0 line 3127
[ 27.569278] binder: undelivered TRANSACTION_ERROR: 29189
[ 27.573771] binder: release 3780:3787 transaction 2 out, still active
[ 27.573773] binder: undelivered TRANSACTION_COMPLETE
[ 27.573780] binder: send failed reply for transaction 3, target dead
[ 27.573784] binder: send failed reply for transaction 2, target dead
[ 27.573788] binder: undelivered TRANSACTION_ERROR: 29201
[ 27.573800] binder: send failed reply for transaction 5, target dead
[ 27.573803] binder: send failed reply for transaction 7, target dead
[ 27.583829] binder: 3799:3800 ERROR: BC_REGISTER_LOOPER called without request
[ 27.585481] binder: 3799:3800 got new transaction with bad transaction stack, transaction 13 has target 3799:0
[ 27.585487] binder: 3799:3800 transaction failed 29201/-71, size 0-0 line 3031
[ 27.585519] binder: release 3799:3800 transaction 13 out, still active
[ 27.585522] binder: release 3799:3800 transaction 12 in, still active
[ 27.585524] binder: undelivered TRANSACTION_COMPLETE
[ 27.585528] binder: undelivered TRANSACTION_ERROR: 29201
[ 27.585567] binder: 3799:3800 BC_ACQUIRE_DONE u0000000000000000 node 11 cookie mismatch 0000000000000004 != 0000000000000000
[ 27.588808] binder: 3793:3798 got new transaction with bad transaction stack, transaction 16 has target 3799:0
[ 27.588814] binder: 3793:3798 transaction failed 29201/-71, size 0-0 line 3031
[ 27.589879] binder: release 3793:3798 transaction 16 out, still active
[ 27.589890] binder: undelivered TRANSACTION_COMPLETE
[ 27.589894] binder: undelivered TRANSACTION_ERROR: 29201
[ 27.590969] binder: 3793:3798 BC_ACQUIRE_DONE u0000000000000000 no match
[ 27.597157] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.597170] binder: 3784:3803 ioctl 40046207 0 returned -16
[ 27.598322] binder: 3784:3802 ERROR: BC_REGISTER_LOOPER called without request
[ 27.598608] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.598613] binder: 3788:3804 ioctl 40046207 0 returned -16
[ 27.599534] binder: release 3784:3803 transaction 18 out, still active
[ 27.599536] binder: undelivered TRANSACTION_COMPLETE
[ 27.599701] binder: 3788:3801 ERROR: BC_REGISTER_LOOPER called without request
[ 27.600666] binder: 3784:3802 BC_ACQUIRE_DONE u0000000000000000 no match
[ 27.600877] binder: release 3788:3804 transaction 20 out, still active
[ 27.600880] binder: undelivered TRANSACTION_COMPLETE
[ 27.602105] binder: 3788:3801 BC_ACQUIRE_DONE u0000000000000000 no match
[ 27.603600] binder: release 3784:3802 transaction 19 out, still active
[ 27.603602] binder: undelivered TRANSACTION_COMPLETE
[ 27.603700] binder: release 3784:3802 transaction 12 out, still active
[ 27.603702] binder: undelivered TRANSACTION_COMPLETE
[ 27.608471] binder: release 3788:3801 transaction 21 out, still active
[ 27.608474] binder: undelivered TRANSACTION_COMPLETE
[ 27.608565] binder: release 3788:3801 transaction 15 out, still active
[ 27.608567] binder: undelivered TRANSACTION_COMPLETE
[ 27.611965] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.612003] binder: 3805:3808 ioctl 40046207 0 returned -16
[ 27.612583] binder: 3805:3808 ERROR: BC_REGISTER_LOOPER called without request
[ 27.613998] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.614003] binder: 3807:3809 ioctl 40046207 0 returned -16
[ 27.614558] binder: 3807:3809 ERROR: BC_REGISTER_LOOPER called without request
[ 27.620201] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.620206] binder: 3799:3811 ioctl 40046207 0 returned -16
[ 27.621326] binder: 3799:3806 ERROR: BC_REGISTER_LOOPER called without request
[ 27.621356] binder_alloc: 3799: binder_alloc_buf, no vma
[ 27.621366] binder: 3799:3811 transaction failed 29189/-3, size 0-0 line 3127
[ 27.622487] binder_alloc: 3799: binder_alloc_buf, no vma
[ 27.622495] binder: 3799:3806 transaction failed 29189/-3, size 0-0 line 3127
[ 27.622508] binder: undelivered TRANSACTION_ERROR: 29189
[ 27.626614] binder: release 3799:3806 transaction 22 out, still active
[ 27.626617] binder: undelivered TRANSACTION_COMPLETE
[ 27.626628] binder: send failed reply for transaction 13, target dead
[ 27.626631] binder: send failed reply for transaction 12, target dead
[ 27.626635] binder: send failed reply for transaction 15, target dead
[ 27.626638] binder: send failed reply for transaction 16, target dead
[ 27.626642] binder: send failed reply for transaction 18, target dead
[ 27.626646] binder: send failed reply for transaction 19, target dead
[ 27.626649] binder: send failed reply for transaction 20, target dead
[ 27.626653] binder: send failed reply for transaction 21, target dead
[ 27.626656] binder: send failed reply for transaction 22, target dead
[ 27.626662] binder: send failed reply for transaction 23 to 3793:3810
[ 27.633275] binder: 3793:3810 ERROR: BC_REGISTER_LOOPER called without request
[ 27.634474] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.634479] binder: 3813:3814 ioctl 40046207 0 returned -16
[ 27.635095] binder: 3813:3814 ERROR: BC_REGISTER_LOOPER called without request
[ 27.636451] binder: release 3793:3812 transaction 28 out, still active
[ 27.636453] binder: undelivered TRANSACTION_COMPLETE
[ 27.636516] binder: 3805:3815 got new transaction with bad transaction stack, transaction 27 has target 3793:0
[ 27.636521] binder: 3805:3815 transaction failed 29201/-71, size 0-0 line 3031
[ 27.637622] binder: 3793:3810 BC_ACQUIRE_DONE u0000000000000000 node 26 cookie mismatch 0000000000000004 != 0000000000000000
[ 27.637695] binder: release 3805:3815 transaction 27 out, still active
[ 27.637697] binder: undelivered TRANSACTION_COMPLETE
[ 27.637700] binder: undelivered TRANSACTION_ERROR: 29201
[ 27.637735] binder: 3807:3816 got new transaction with bad transaction stack, transaction 31 has target 3793:0
[ 27.637740] binder: 3807:3816 transaction failed 29201/-71, size 0-0 line 3031
[ 27.640161] binder: release 3793:3810 transaction 29 out, still active
[ 27.640163] binder: undelivered TRANSACTION_COMPLETE
[ 27.640177] binder: send failed reply for transaction 27, target dead
[ 27.640181] binder: send failed reply for transaction 28, target dead
[ 27.640185] binder: send failed reply for transaction 29, target dead
[ 27.640189] binder: send failed reply for transaction 31 to 3807:3816
[ 27.641081] binder: undelivered TRANSACTION_COMPLETE
[ 27.641084] binder: undelivered TRANSACTION_ERROR: 29189
[ 27.643052] binder: 3805:3815 BC_ACQUIRE_DONE u0000000000000000 no match
[ 27.643090] binder: undelivered TRANSACTION_COMPLETE
[ 27.643095] binder: undelivered TRANSACTION_ERROR: 29201
[ 27.643096] binder: undelivered TRANSACTION_ERROR: 29189
[ 27.644248] binder: 3807:3816 BC_ACQUIRE_DONE u0000000000000000 no match
[ 27.645014] binder: 3817:3818 ERROR: BC_REGISTER_LOOPER called without request
[ 27.657103] binder: 3817:3818 got new transaction with bad transaction stack, transaction 35 has target 3817:0
[ 27.657111] binder: 3817:3818 transaction failed 29201/-71, size 0-0 line 3031
[ 27.657149] binder: release 3817:3818 transaction 35 out, still active
[ 27.657154] binder: release 3817:3818 transaction 34 in, still active
[ 27.657158] binder: undelivered TRANSACTION_COMPLETE
[ 27.657164] binder: undelivered TRANSACTION_ERROR: 29201
[ 27.657216] binder: 3817:3818 BC_ACQUIRE_DONE u0000000000000000 node 33 cookie mismatch 0000000000000004 != 0000000000000000
[ 27.658121] binder: 3813:3819 got new transaction with bad transaction stack, transaction 34 has target 0:0
[ 27.658130] binder: 3813:3819 transaction failed 29201/-71, size 0-0 line 3031
[ 27.659279] binder: release 3813:3819 transaction 34 out, still active
[ 27.659281] binder: undelivered TRANSACTION_COMPLETE
[ 27.659286] binder: undelivered TRANSACTION_ERROR: 29201
[ 27.660464] binder: 3813:3819 BC_ACQUIRE_DONE u0000000000000000 no match
[ 27.678021] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.678027] binder: 3805:3822 ioctl 40046207 0 returned -16
[ 27.678894] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.678899] binder: 3807:3823 ioctl 40046207 0 returned -16
[ 27.679149] binder: 3805:3820 ERROR: BC_REGISTER_LOOPER called without request
[ 27.680024] binder: 3807:3821 ERROR: BC_REGISTER_LOOPER called without request
[ 27.680328] binder: release 3805:3822 transaction 40 out, still active
[ 27.680330] binder: undelivered TRANSACTION_COMPLETE
[ 27.681295] binder: release 3807:3823 transaction 42 out, still active
[ 27.681296] binder: undelivered TRANSACTION_COMPLETE
[ 27.681454] binder: 3805:3820 BC_ACQUIRE_DONE u0000000000000000 no match
[ 27.682410] binder: 3807:3821 BC_ACQUIRE_DONE u0000000000000000 no match
[ 27.684006] binder: release 3805:3820 transaction 43 out, still active
[ 27.684009] binder: undelivered TRANSACTION_COMPLETE
[ 27.684052] binder: release 3805:3820 transaction 38 out, still active
[ 27.684054] binder: undelivered TRANSACTION_COMPLETE
[ 27.688605] binder: release 3807:3821 transaction 44 out, still active
[ 27.688608] binder: undelivered TRANSACTION_COMPLETE
[ 27.688642] binder: release 3807:3821 transaction 39 out, still active
[ 27.688644] binder: undelivered TRANSACTION_COMPLETE
[ 27.691029] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.691034] binder: 3826:3828 ioctl 40046207 0 returned -16
[ 27.691542] binder: 3826:3828 ERROR: BC_REGISTER_LOOPER called without request
[ 27.691591] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.691594] binder: 3817:3829 ioctl 40046207 0 returned -16
[ 27.692727] binder: 3817:3824 ERROR: BC_REGISTER_LOOPER called without request
[ 27.692778] binder_alloc: 3817: binder_alloc_buf, no vma
[ 27.692787] binder: 3817:3829 transaction failed 29189/-3, size 0-0 line 3127
[ 27.693918] binder_alloc: 3817: binder_alloc_buf, no vma
[ 27.693927] binder: 3817:3824 transaction failed 29189/-3, size 0-0 line 3127
[ 27.693940] binder: undelivered TRANSACTION_ERROR: 29189
[ 27.693969] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.693973] binder: 3827:3830 ioctl 40046207 0 returned -16
[ 27.694111] binder_alloc: 3817: binder_alloc_buf, no vma
[ 27.694124] binder: 3813:3825 transaction failed 29189/-3, size 0-0 line 3127
[ 27.694548] binder: 3827:3830 ERROR: BC_REGISTER_LOOPER called without request
[ 27.697472] binder: release 3817:3824 transaction 41 out, still active
[ 27.697475] binder: undelivered TRANSACTION_COMPLETE
[ 27.697485] binder: send failed reply for transaction 35, target dead
[ 27.697489] binder: send failed reply for transaction 34, target dead
[ 27.697493] binder: send failed reply for transaction 38, target dead
[ 27.697496] binder: send failed reply for transaction 39, target dead
[ 27.697499] binder: send failed reply for transaction 40, target dead
[ 27.697503] binder: send failed reply for transaction 41, target dead
[ 27.697506] binder: send failed reply for transaction 42, target dead
[ 27.697510] binder: send failed reply for transaction 43, target dead
[ 27.697513] binder: send failed reply for transaction 44, target dead
[ 27.705016] binder: 3831:3832 ERROR: BC_REGISTER_LOOPER called without request
[ 27.708111] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.708116] binder: 3813:3833 ioctl 40046207 0 returned -16
[ 27.709241] binder: 3813:3825 ERROR: BC_REGISTER_LOOPER called without request
[ 27.709403] binder: 3831:3832 got new transaction with bad transaction stack, transaction 50 has target 3831:0
[ 27.709409] binder: 3831:3832 transaction failed 29201/-71, size 0-0 line 3031
[ 27.709435] binder: release 3831:3832 transaction 50 out, still active
[ 27.709438] binder: release 3831:3832 transaction 49 in, still active
[ 27.709440] binder: undelivered TRANSACTION_COMPLETE
[ 27.709444] binder: undelivered TRANSACTION_ERROR: 29201
[ 27.709478] binder: 3831:3832 BC_ACQUIRE_DONE u0000000000000000 node 48 cookie mismatch 0000000000000004 != 0000000000000000
[ 27.710652] binder: release 3813:3833 transaction 49 out, still active
[ 27.710654] binder: undelivered TRANSACTION_COMPLETE
[ 27.711785] binder: 3813:3825 BC_ACQUIRE_DONE u0000000000000000 no match
[ 27.714532] binder: release 3813:3825 transaction 52 out, still active
[ 27.714535] binder: undelivered TRANSACTION_COMPLETE
[ 27.714715] binder: undelivered TRANSACTION_ERROR: 29189
[ 27.718251] binder: 3827:3835 got new transaction with bad transaction stack, transaction 53 has target 3831:0
[ 27.718257] binder: 3827:3835 transaction failed 29201/-71, size 0-0 line 3031
[ 27.719174] binder: 3826:3834 got new transaction with bad transaction stack, transaction 54 has target 3831:0
[ 27.719179] binder: 3826:3834 transaction failed 29201/-71, size 0-0 line 3031
[ 27.719364] binder: release 3827:3835 transaction 53 out, still active
[ 27.719366] binder: undelivered TRANSACTION_COMPLETE
[ 27.719371] binder: undelivered TRANSACTION_ERROR: 29201
[ 27.720286] binder: release 3826:3834 transaction 54 out, still active
[ 27.720287] binder: undelivered TRANSACTION_COMPLETE
[ 27.720291] binder: undelivered TRANSACTION_ERROR: 29201
[ 27.720486] binder: 3827:3835 BC_ACQUIRE_DONE u0000000000000000 no match
[ 27.721401] binder: 3826:3834 BC_ACQUIRE_DONE u0000000000000000 no match
[ 27.742965] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.742971] binder: 3831:3837 ioctl 40046207 0 returned -16
[ 27.743340] binder_alloc: 3831: binder_alloc_buf, no vma
[ 27.743351] binder: 3827:3838 transaction failed 29189/-3, size 0-0 line 3127
[ 27.744122] binder: 3831:3836 ERROR: BC_REGISTER_LOOPER called without request
[ 27.744169] binder_alloc: 3831: binder_alloc_buf, no vma
[ 27.744177] binder: 3831:3837 transaction failed 29189/-3, size 0-0 line 3127
[ 27.744482] binder_alloc: 3831: binder_alloc_buf, no vma
[ 27.744490] binder: 3826:3839 transaction failed 29189/-3, size 0-0 line 3127
[ 27.745359] binder_alloc: 3831: binder_alloc_buf, no vma
[ 27.745367] binder: 3831:3836 transaction failed 29189/-3, size 0-0 line 3127
[ 27.745380] binder: undelivered TRANSACTION_ERROR: 29189
[ 27.749242] binder: release 3831:3836 transaction 57 out, still active
[ 27.749244] binder: undelivered TRANSACTION_COMPLETE
[ 27.749256] binder: send failed reply for transaction 50, target dead
[ 27.749259] binder: send failed reply for transaction 49, target dead
[ 27.749263] binder: send failed reply for transaction 52, target dead
[ 27.749267] binder: send failed reply for transaction 53, target dead
[ 27.749270] binder: send failed reply for transaction 54, target dead
[ 27.749274] binder: send failed reply for transaction 57, target dead
[ 27.756926] binder: BINDER_SET_CONTEXT_MGR already set
[ 27.756931] binder: 3827:3840 ioctl 40046207 0 returned -16
[ 27.758011] binder: 3826:3839 ERROR: BC_REGISTER_LOOPER called without request
[ 27.758055] binder: 3827:3838 ERROR: BC_REGISTER_LOOPER called without request
[ 27.759313] binder: release 3826:3841 transaction 63 out, still active
[ 27.759316] binder: undelivered TRANSACTION_COMPLETE
[ 27.759350] binder: release 3827:3840 transaction 64 out, still active
[ 27.759352] binder: undelivered TRANSACTION_COMPLETE
[ 27.760447] binder: 3826:3839 BC_ACQUIRE_DONE u0000000000000000 node 62 cookie mismatch 0000000000000004 != 0000000000000000
[ 27.760483] binder: 3827:3838 BC_ACQUIRE_DONE u0000000000000000 no match
[ 27.763257] binder: release 3826:3839 transaction 66 out, still active
[ 27.763259] binder: undelivered TRANSACTION_COMPLETE
[ 27.763275] binder: send failed reply for transaction 63, target dead
[ 27.763279] binder: send failed reply for transaction 64, target dead
[ 27.763284] binder: send failed reply for transaction 65 to 3827:3838
[ 27.763289] binder: send failed reply for transaction 66, target dead
[ 27.767930] binder: undelivered TRANSACTION_ERROR: 29189
[ 27.770696] binder: undelivered TRANSACTION_COMPLETE
[ 27.770701] binder: undelivered TRANSACTION_ERROR: 29189
[ 27.770779] binder: undelivered TRANSACTION_ERROR: 29189
[ 29.295988] IPVS: Creating netns size=2536 id=6
[ 29.310559] IPVS: Creating netns size=2536 id=7
[ 29.329222] binder: 3849:3850 ERROR: BC_REGISTER_LOOPER called without request
[ 29.343568] IPVS: Creating netns size=2536 id=8
[ 29.352867] binder: release 3849:3850 transaction 69 out, still active
[ 29.359645] binder: release 3849:3850 transaction 68 in, still active
[ 29.366579] binder: undelivered TRANSACTION_COMPLETE
[ 29.372814] binder: 3849:3850 BC_ACQUIRE_DONE u0000000000000000 node 67 cookie mismatch 0000000000000004 != 0000000000000000
[ 29.375464] binder: BINDER_SET_CONTEXT_MGR already set
[ 29.375470] binder: 3855:3857 ioctl 40046207 0 returned -16
[ 29.376066] binder: 3855:3857 ERROR: BC_REGISTER_LOOPER called without request
[ 29.381021] binder: BINDER_SET_CONTEXT_MGR already set
[ 29.381029] binder: 3859:3860 ioctl 40046207 0 returned -16
[ 29.381629] binder: 3859:3860 ERROR: BC_REGISTER_LOOPER called without request
[ 29.402414] binder: 3855:3861 got new transaction with bad transaction stack, transaction 70 has target 3849:0
[ 29.402424] binder: 3855:3861 transaction failed 29201/-71, size 0-0 line 3031
[ 29.403564] binder: release 3855:3861 transaction 70 out, still active
[ 29.403567] binder: undelivered TRANSACTION_COMPLETE
[ 29.403573] binder: undelivered TRANSACTION_ERROR: 29201
[ 29.404730] binder: 3855:3861 BC_ACQUIRE_DONE u0000000000000000 no match
[ 29.413917] binder: BINDER_SET_CONTEXT_MGR already set
[ 29.413924] binder: 3849:3865 ioctl 40046207 0 returned -16
[ 29.415131] binder: 3849:3852 ERROR: BC_REGISTER_LOOPER called without request
[ 29.415187] binder_alloc: 3849: binder_alloc_buf, no vma
[ 29.415202] binder: 3849:3852 transaction failed 29189/-3, size 0-0 line 3127
[ 29.416977] binder: undelivered TRANSACTION_ERROR: 29189
[ 29.418132] binder: 3849:3852 BC_ACQUIRE_DONE u0000000000000000 no match
[ 29.418665] binder: BINDER_SET_CONTEXT_MGR already set
[ 29.418671] binder: 3866:3867 ioctl 40046207 0 returned -16
[ 29.419296] binder: 3866:3867 ERROR: BC_REGISTER_LOOPER called without request
[ 29.419463] binder: 3859:3863 got new transaction with bad transaction stack, transaction 73 has target 3849:0
[ 29.419472] binder: 3859:3863 transaction failed 29201/-71, size 0-0 line 3031
[ 29.420624] binder: release 3859:3863 transaction 73 out, still active
[ 29.420628] binder: undelivered TRANSACTION_COMPLETE
[ 29.420634] binder: undelivered TRANSACTION_ERROR: 29201
[ 29.421791] binder: 3859:3863 BC_ACQUIRE_DONE u0000000000000000 no match
[ 29.427428] binder_alloc: 3849: binder_alloc_buf, no vma
[ 29.427443] binder: 3855:3868 transaction failed 29189/-3, size 0-0 line 3127
[ 29.439128] binder: BINDER_SET_CONTEXT_MGR already set
[ 29.439138] binder: 3855:3869 ioctl 40046207 0 returned -16
[ 29.440340] binder: 3855:3868 ERROR: BC_REGISTER_LOOPER called without request
[ 29.440383] binder_alloc: 3849: binder_alloc_buf, no vma
[ 29.440398] binder: 3855:3869 transaction failed 29189/-3, size 0-0 line 3127
[ 29.441548] binder_alloc: 3849: binder_alloc_buf, no vma
[ 29.441561] binder: 3855:3868 transaction failed 29189/-3, size 0-0 line 3127
[ 29.441586] binder: undelivered TRANSACTION_ERROR: 29189
[ 29.446309] binder: undelivered TRANSACTION_ERROR: 29189
[ 29.446455] binder_alloc: 3849: binder_alloc_buf, no vma
[ 29.446511] binder: 3859:3871 transaction failed 29189/-3,
size 0-0 line 3127
[ 29.450356] binder_alloc: 3849: binder_alloc_buf, no vma
[ 29.450369] binder: 3866:3870 transaction failed 29189/-3, size 0-0 line 3127
[ 29.452639] binder: undelivered TRANSACTION_ERROR: 29189
[ 29.453782] binder: 3866:3870 BC_ACQUIRE_DONE u0000000000000000 no match
[ 29.458152] binder: BINDER_SET_CONTEXT_MGR already set
[ 29.458162] binder: 3859:3872 ioctl 40046207 0 returned -16
[ 29.459335] binder: 3859:3871 ERROR: BC_REGISTER_LOOPER called without request
[ 29.459375] binder_alloc: 3849: binder_alloc_buf, no vma
[ 29.459388] binder: 3859:3872 transaction failed 29189/-3, size 0-0 line 3127
[ 29.460542] binder_alloc: 3849: binder_alloc_buf, no vma
[ 29.460554] binder: 3859:3871 transaction failed 29189/-3, size 0-0 line 3127
[ 29.460582] binder: undelivered TRANSACTION_ERROR: 29189
[ 29.465086] binder: undelivered TRANSACTION_ERROR: 29189
[ 29.476433] binder_alloc: 3849: binder_alloc_buf, no vma
[ 29.476449] binder: 3866:3873 transaction failed 29189/-3, size 0-0 line 3127
[ 29.488039] binder: BINDER_SET_CONTEXT_MGR already set
[ 29.488046] binder: 3866:3874 ioctl 40046207 0 returned -16
[ 29.489195] binder: 3866:3873 ERROR: BC_REGISTER_LOOPER called without request
[ 29.489241] binder_alloc: 3849: binder_alloc_buf, no vma
[ 29.489255] binder: 3866:3874 transaction failed 29189/-3, size 0-0 line 3127
[ 29.490408] binder_alloc: 3849: binder_alloc_buf, no vma
[ 29.490421] binder: 3866:3873 transaction failed 29189/-3, size 0-0 line 3127
[ 29.490440] binder: undelivered TRANSACTION_ERROR: 29189
[ 29.494894] binder: undelivered TRANSACTION_ERROR: 29189
[ 29.795357] binder: release 3849:3852 transaction 71 in, still active
[ 29.802116] binder: send failed reply for transaction 71 to 3849:3852
[ 29.814108] binder: BINDER_SET_CONTEXT_MGR already set
[ 29.817381] binder: 3876:3884 ERROR: BC_REGISTER_LOOPER called without request
[ 29.819566] ==================================================================
[ 29.819581] BUG: KASAN: use-after-free in __list_del_entry+0x196/0x1d0
[ 29.819586] Read of size 8 at addr ffff8801c4ba8010 by task kworker/1:1/24
[ 29.819587]
[ 29.819594] CPU: 1 PID: 24 Comm: kworker/1:1 Not tainted 4.9.86-gb324a70 #58
[ 29.819598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.819608] Workqueue: events binder_deferred_func
[ 29.819618] ffff8801d9517a50 ffffffff81d956f9 ffffea000712ea00 ffff8801c4ba8010
[ 29.819628] 0000000000000000 ffff8801c4ba8010 ffffed00387d1ed9 ffff8801d9517a88
[ 29.819637] ffffffff8153e083 ffff8801c4ba8010 0000000000000008 0000000000000000
[ 29.819639] Call Trace:
[ 29.819648] [] dump_stack+0xc1/0x128
[ 29.819659] [] print_address_description+0x73/0x280
[ 29.819664] [] kasan_report+0x275/0x360
[ 29.819671] [] ? __list_del_entry+0x196/0x1d0
[ 29.819679] [] __asan_report_load8_noabort+0x14/0x20
[ 29.819686] [] __list_del_entry+0x196/0x1d0
[ 29.819693] [] binder_release_work+0x8c/0x260
[ 29.819699] [] ? binder_send_failed_reply+0x18a/0x3a0
[ 29.819705] [] binder_thread_release+0x428/0x600
[ 29.819711] [] binder_deferred_func+0x43f/0xd10
[ 29.819720] [] ? __lock_is_held+0xa1/0xf0
[ 29.819729] [] process_one_work+0x7e0/0x1610
[ 29.819736] [] ? process_one_work+0x72c/0x1610
[ 29.819743] [] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 29.819750] [] worker_thread+0xe0/0x10d0
[ 29.819759] [] ? __schedule+0x683/0x1ba0
[ 29.819767] [] kthread+0x26d/0x300
[ 29.819773] [] ? process_one_work+0x1610/0x1610
[ 29.819779] [] ? kthread_park+0xa0/0xa0
[ 29.819786] [] ? kthread_park+0xa0/0xa0
[ 29.819791] [] ? kthread_park+0xa0/0xa0
[ 29.819796] [] ret_from_fork+0x5c/0x70
[ 29.819798]
[ 29.819800] Allocated by task 3852:
[ 29.819805] save_stack_trace+0x16/0x20
[ 29.819808] save_stack+0x43/0xd0
[ 29.819811] kasan_kmalloc+0xad/0xe0
[ 29.819814] kmem_cache_alloc_trace+0xfb/0x2a0
[ 29.819817] binder_transaction+0x103c/0x7040
[ 29.819820] binder_thread_write+0x8d4/0x31f0
[ 29.819823] binder_ioctl_write_read.isra.55+0x1ed/0x9a0
[ 29.819826] binder_ioctl+0xaea/0x11b0
[ 29.819831] compat_SyS_ioctl+0x15f/0x2050
[ 29.819837] do_fast_syscall_32+0x2f5/0x870
[ 29.819843] entry_SYSENTER_compat+0x90/0xa2
[ 29.819844]
[ 29.819846] Freed by task 24:
[ 29.819851] save_stack_trace+0x16/0x20
[ 29.819857] save_stack+0x43/0xd0
[ 29.819862] kasan_slab_free+0x72/0xc0
[ 29.819866] kfree+0x103/0x300
[ 29.819873] binder_free_transaction+0x6a/0x90
[ 29.819878] binder_send_failed_reply+0x185/0x3a0
[ 29.819882] binder_thread_release+0x416/0x600
[ 29.819887] binder_deferred_func+0x43f/0xd10
[ 29.819893] process_one_work+0x7e0/0x1610
[ 29.819898] worker_thread+0xe0/0x10d0
[ 29.819902] kthread+0x26d/0x300
[ 29.819907] ret_from_fork+0x5c/0x70
[ 29.819908]
[ 29.819913] The buggy address belongs to the object at ffff8801c4ba8000
[ 29.819913] which belongs to the cache kmalloc-192 of size 192
[ 29.819918] The buggy address is located 16 bytes inside of
[ 29.819918] 192-byte region [ffff8801c4ba8000, ffff8801c4ba80c0)
[ 29.819919] The buggy address belongs to the page:
[ 29.819927] page:ffffea000712ea00 count:1 mapcount:0 mapping: (null) index:0x0
[ 29.819931] flags: 0x8000000000000080(slab)
[ 29.819933] page dumped because: kasan: bad access detected
[ 29.819935]
[ 29.819937] Memory state around the buggy address:
[ 29.819942] ffff8801c4ba7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.819946] ffff8801c4ba7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.819952] >ffff8801c4ba8000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.819954] ^
[ 29.819958] ffff8801c4ba8080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 29.819962] ffff8801c4ba8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.819963] ==================================================================
[ 29.819965] Disabling lock debugging due to kernel taint
[ 29.819967] Kernel panic - not syncing: panic_on_warn set ...
[ 29.819967]
[ 29.819973] CPU: 1 PID: 24 Comm: kworker/1:1 Tainted: G B 4.9.86-gb324a70 #58
[ 29.819976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.819983] Workqueue: events binder_deferred_func
[ 29.819993] ffff8801d95179a8 ffffffff81d956f9 ffffffff841979cf ffff8801d9517a80
[ 29.820001] 0000000000000000 ffff8801c4ba8010 ffffed00387d1ed9 ffff8801d9517a70
[ 29.820010] ffffffff8142f531 0000000041b58ab3 ffffffff8418b430 ffffffff8142f375
[ 29.820011] Call Trace:
[ 29.820018] [] dump_stack+0xc1/0x128
[ 29.820025] [] panic+0x1bc/0x3a8
[ 29.820034] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 29.820041] [] kasan_end_report+0x50/0x50
[ 29.820054] [] kasan_report+0x167/0x360
[ 29.820061] [] ? __list_del_entry+0x196/0x1d0
[ 29.820068] [] __asan_report_load8_noabort+0x14/0x20
[ 29.820074] [] __list_del_entry+0x196/0x1d0
[ 29.820079] [] binder_release_work+0x8c/0x260
[ 29.820085] [] ? binder_send_failed_reply+0x18a/0x3a0
[ 29.820091] [] binder_thread_release+0x428/0x600
[ 29.820097] [] binder_deferred_func+0x43f/0xd10
[ 29.820104] [] ? __lock_is_held+0xa1/0xf0
[ 29.820111] [] process_one_work+0x7e0/0x1610
[ 29.820118] [] ? process_one_work+0x72c/0x1610
[ 29.820125] [] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 29.820132] [] worker_thread+0xe0/0x10d0
[ 29.820139] [] ? __schedule+0x683/0x1ba0
[ 29.820146] [] kthread+0x26d/0x300
[ 29.820152] [] ? process_one_work+0x1610/0x1610
[ 29.820158] [] ? kthread_park+0xa0/0xa0
[ 29.820165] [] ? kthread_park+0xa0/0xa0
[ 29.820171] [] ? kthread_park+0xa0/0xa0
[ 29.820177] [] ret_from_fork+0x5c/0x70
[ 29.827820] Dumping ftrace buffer:
[ 29.827823] (ftrace buffer empty)
[ 29.827826] Kernel Offset: disabled
[ 30.450898] Rebooting in 86400 seconds..