[....] Starting enhanced syslogd: rsyslogd[ 9.943639] audit: type=1400 audit(1514786095.297:4): avc: denied { syslog } for pid=3196 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.236' (ECDSA) to the list of known hosts. 2018/01/01 05:55:25 parsed 1 programs 2018/01/01 05:55:25 executed programs: 0 syzkaller login: [ 40.639440] IPVS: Creating netns size=2536 id=1 [ 40.649113] audit: type=1400 audit(1514786125.997:5): avc: denied { set_context_mgr } for pid=3392 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 40.653033] audit: type=1400 audit(1514786126.007:6): avc: denied { call } for pid=3392 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 40.661144] binder: send failed reply for transaction 2 to 3392:3394 [ 40.666780] IPVS: Creating netns size=2536 id=2 [ 40.678102] binder: send failed reply for transaction 4 to 3392:3394 [ 40.684691] binder: send failed reply for transaction 6 to 3398:3399 [ 40.691446] binder: send failed reply for transaction 8 to 3403:3404 [ 40.697995] binder: undelivered TRANSACTION_COMPLETE [ 40.698388] IPVS: Creating netns size=2536 id=3 [ 40.707933] binder: undelivered TRANSACTION_ERROR: 29189 [ 40.713443] binder: send failed reply for transaction 10 to 3398:3399 [ 40.720327] binder: send failed reply for transaction 12 to 3403:3404 [ 40.722441] binder: BINDER_SET_CONTEXT_MGR already set [ 40.722445] binder: 3408:3411 ioctl 40046207 0 returned -16 [ 40.723597] binder: 3408:3409 got new transaction with bad transaction stack, transaction 14 has target 3408:0 [ 40.723603] binder: 3408:3409 transaction failed 29201/-71, size 0-0 line 3031 [ 40.739084] binder: BINDER_SET_CONTEXT_MGR already set [ 40.739089] binder: 3414:3416 ioctl 40046207 0 returned -16 [ 40.740434] binder_alloc: 3414: binder_alloc_buf, no vma [ 40.740445] binder: 3414:3415 transaction failed 29189/-3, size 0-0 line 3127 [ 40.740538] binder: BINDER_SET_CONTEXT_MGR already set [ 40.740541] binder: 3410:3413 ioctl 40046207 0 returned -16 [ 40.741475] binder: BINDER_SET_CONTEXT_MGR already set [ 40.741479] binder: 3418:3419 ioctl 40046207 0 returned -16 [ 40.741528] binder_alloc: 3408: binder_alloc_buf, no vma [ 40.741536] binder: 3418:3419 transaction failed 29189/-3, size 0-0 line 3127 [ 40.741750] binder_alloc: 3410: binder_alloc_buf, no vma [ 40.741758] binder: 3410:3412 transaction failed 29189/-3, size 0-0 line 3127 [ 40.755199] binder: BINDER_SET_CONTEXT_MGR already set [ 40.755204] binder: 3418:3420 ioctl 40046207 0 returned -16 [ 40.757923] binder: BINDER_SET_CONTEXT_MGR already set [ 40.757927] binder: 3422:3423 ioctl 40046207 0 returned -16 [ 40.757978] binder_alloc: 3414: binder_alloc_buf, no vma [ 40.757988] binder: 3422:3423 transaction failed 29189/-3, size 0-0 line 3127 [ 40.762612] binder: BINDER_SET_CONTEXT_MGR already set [ 40.762616] binder: 3421:3425 ioctl 40046207 0 returned -16 [ 40.762669] binder_alloc: 3410: binder_alloc_buf, no vma [ 40.762679] binder: 3421:3425 transaction failed 29189/-3, size 0-0 line 3127 [ 40.770329] binder: BINDER_SET_CONTEXT_MGR already set [ 40.770334] binder: 3422:3424 ioctl 40046207 0 returned -16 [ 40.775325] binder: BINDER_SET_CONTEXT_MGR already set [ 40.775330] binder: 3427:3428 ioctl 40046207 0 returned -16 [ 40.775382] binder_alloc: 3408: binder_alloc_buf, no vma [ 40.775391] binder: 3427:3428 transaction failed 29189/-3, size 0-0 line 3127 [ 40.776072] binder: BINDER_SET_CONTEXT_MGR already set [ 40.776075] binder: 3421:3426 ioctl 40046207 0 returned -16 [ 40.786984] binder: BINDER_SET_CONTEXT_MGR already set [ 40.786989] binder: 3427:3429 ioctl 40046207 0 returned -16 [ 40.791498] binder: BINDER_SET_CONTEXT_MGR already set [ 40.791503] binder: 3430:3431 ioctl 40046207 0 returned -16 [ 40.791556] binder_alloc: 3414: binder_alloc_buf, no vma [ 40.791565] binder: 3430:3431 transaction failed 29189/-3, size 0-0 line 3127 [ 40.796203] binder: BINDER_SET_CONTEXT_MGR already set [ 40.796208] binder: 3432:3434 ioctl 40046207 0 returned -16 [ 40.796261] binder_alloc: 3410: binder_alloc_buf, no vma [ 40.796270] binder: 3432:3434 transaction failed 29189/-3, size 0-0 line 3127 [ 40.803689] binder: BINDER_SET_CONTEXT_MGR already set [ 40.803694] binder: 3430:3433 ioctl 40046207 0 returned -16 [ 40.808764] binder: BINDER_SET_CONTEXT_MGR already set [ 40.808768] binder: 3432:3435 ioctl 40046207 0 returned -16 [ 41.010324] ------------[ cut here ]------------ [ 41.015061] WARNING: CPU: 1 PID: 24 at drivers/android/binder.c:2151 binder_send_failed_reply+0x147/0x3a0 [ 41.024767] Unexpected reply error: 29189 [ 41.028882] Kernel panic - not syncing: panic_on_warn set ... [ 41.028882] [ 41.036212] CPU: 1 PID: 24 Comm: kworker/1:1 Not tainted 4.9.73-gf3f3457 #1 [ 41.043271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.052609] Workqueue: events binder_deferred_func [ 41.057623] ffff8801d985f910 ffffffff81d922b9 ffffffff83a46d00 ffff8801d985f9e8 [ 41.065576] ffffffff83eab500 ffffffff82d60a57 0000000000000009 ffff8801d985f9d8 [ 41.073520] ffffffff8142d741 0000000041b58ab3 ffffffff84189000 ffffffff8142d585 [ 41.081473] Call Trace: [ 41.084029] [] dump_stack+0xc1/0x128 [ 41.089360] [] ? binder_send_failed_reply+0x147/0x3a0 [ 41.096166] [] panic+0x1bc/0x3a8 [ 41.101147] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7 [ 41.109341] [] ? vprintk_emit+0x3ad/0x750 [ 41.115103] [] ? __warn+0x1a9/0x1e0 [ 41.120342] [] ? binder_send_failed_reply+0x147/0x3a0 [ 41.127152] [] __warn+0x1c4/0x1e0 [ 41.132226] [] warn_slowpath_fmt+0xc4/0x110 [ 41.138161] [] ? __warn+0x1e0/0x1e0 [ 41.143404] [] ? _binder_inner_proc_lock+0x2c/0x50 [ 41.149949] [] binder_send_failed_reply+0x147/0x3a0 [ 41.156582] [] binder_cleanup_transaction+0xd2/0x140 [ 41.163302] [] binder_release_work+0x1b0/0x260 [ 41.169502] [] ? _raw_spin_unlock+0x2c/0x50 [ 41.175441] [] binder_deferred_func+0x9a2/0xd10 [ 41.181726] [] ? __lock_is_held+0xa1/0xf0 [ 41.187490] [] process_one_work+0x7e0/0x1610 [ 41.193512] [] ? process_one_work+0x72c/0x1610 [ 41.199711] [] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 41.206168] [] worker_thread+0xe0/0x10d0 [ 41.211844] [] ? __schedule+0x683/0x1ba0 [ 41.217522] [] kthread+0x26d/0x300 [ 41.222679] [] ? process_one_work+0x1610/0x1610 [ 41.228963] [] ? kthread_park+0xa0/0xa0 [ 41.234553] [] ? kthread_park+0xa0/0xa0 [ 41.240140] [] ? kthread_park+0xa0/0xa0 [ 41.245730] [] ret_from_fork+0x2a/0x40 [ 41.251761] Dumping ftrace buffer: [ 41.255301] (ftrace buffer empty) [ 41.258978] Kernel Offset: disabled [ 41.262582] Rebooting in 86400 seconds..