[....] Starting enhanced syslogd: rsyslogd[ 10.568418] audit: type=1400 audit(1514500444.548:4): avc: denied { syslog } for pid=3182 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.232' (ECDSA) to the list of known hosts. 2017/12/28 22:34:32 parsed 1 programs 2017/12/28 22:34:32 executed programs: 0 syzkaller login: [ 38.042597] audit: type=1400 audit(1514500472.018:5): avc: denied { sys_admin } for pid=3353 comm="syz-executor0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 38.061148] IPVS: Creating netns size=2536 id=1 [ 38.077705] IPVS: Creating netns size=2536 id=2 [ 38.096050] audit: type=1400 audit(1514500472.078:6): avc: denied { sys_chroot } for pid=3357 comm="syz-executor2" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 38.120822] IPVS: Creating netns size=2536 id=3 [ 38.124465] audit: type=1400 audit(1514500472.108:7): avc: denied { set_context_mgr } for pid=3377 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 38.124723] audit: type=1400 audit(1514500472.108:8): avc: denied { call } for pid=3377 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 38.126282] binder: send failed reply for transaction 2 to 3377:3378 [ 38.153450] binder: send failed reply for transaction 4 to 3380:3381 [ 38.191267] binder: send failed reply for transaction 8 to 3380:3381 [ 38.197257] binder: BINDER_SET_CONTEXT_MGR already set [ 38.197262] binder: 3383:3386 ioctl 40046207 0 returned -16 [ 38.197316] binder_alloc: 3377: binder_alloc_buf, no vma [ 38.197327] binder: 3383:3386 transaction failed 29189/-3, size 0-0 line 3127 [ 38.199291] binder: BINDER_SET_CONTEXT_MGR already set [ 38.199295] binder: 3385:3388 ioctl 40046207 0 returned -16 [ 38.200651] binder: 3385:3387 got new transaction with bad transaction stack, transaction 10 has target 3385:0 [ 38.200657] binder: 3385:3387 transaction failed 29201/-71, size 0-0 line 3031 [ 38.203576] binder: BINDER_SET_CONTEXT_MGR already set [ 38.203580] binder: 3383:3389 ioctl 40046207 0 returned -16 [ 38.221698] binder: BINDER_SET_CONTEXT_MGR already set [ 38.221703] binder: 3391:3392 ioctl 40046207 0 returned -16 [ 38.221759] binder_alloc: 3385: binder_alloc_buf, no vma [ 38.221768] binder: 3391:3392 transaction failed 29189/-3, size 0-0 line 3127 [ 38.224973] binder: BINDER_SET_CONTEXT_MGR already set [ 38.224978] binder: 3393:3395 ioctl 40046207 0 returned -16 [ 38.225029] binder_alloc: 3377: binder_alloc_buf, no vma [ 38.225038] binder: 3393:3395 transaction failed 29189/-3, size 0-0 line 3127 [ 38.231567] binder: BINDER_SET_CONTEXT_MGR already set [ 38.231572] binder: 3393:3396 ioctl 40046207 0 returned -16 [ 38.231599] binder: BINDER_SET_CONTEXT_MGR already set [ 38.231601] binder: 3391:3394 ioctl 40046207 0 returned -16 [ 38.248580] binder: BINDER_SET_CONTEXT_MGR already set [ 38.248584] binder: 3397:3398 ioctl 40046207 0 returned -16 [ 38.248638] binder_alloc: 3377: binder_alloc_buf, no vma [ 38.248648] binder: 3397:3398 transaction failed 29189/-3, size 0-0 line 3127 [ 38.251663] binder: BINDER_SET_CONTEXT_MGR already set [ 38.251668] binder: 3399:3401 ioctl 40046207 0 returned -16 [ 38.251719] binder_alloc: 3385: binder_alloc_buf, no vma [ 38.251729] binder: 3399:3401 transaction failed 29189/-3, size 0-0 line 3127 [ 38.258146] binder: BINDER_SET_CONTEXT_MGR already set [ 38.258151] binder: 3399:3402 ioctl 40046207 0 returned -16 [ 38.258178] binder: BINDER_SET_CONTEXT_MGR already set [ 38.258181] binder: 3397:3400 ioctl 40046207 0 returned -16 [ 38.275752] binder: BINDER_SET_CONTEXT_MGR already set [ 38.275758] binder: 3403:3405 ioctl 40046207 0 returned -16 [ 38.275812] binder_alloc: 3385: binder_alloc_buf, no vma [ 38.275822] binder: 3403:3405 transaction failed 29189/-3, size 0-0 line 3127 [ 38.278426] binder: BINDER_SET_CONTEXT_MGR already set [ 38.278430] binder: 3404:3406 ioctl 40046207 0 returned -16 [ 38.278485] binder_alloc: 3377: binder_alloc_buf, no vma [ 38.278543] binder: 3404:3406 transaction failed 29189/-3, size 0-0 line 3127 [ 38.285044] binder: BINDER_SET_CONTEXT_MGR already set [ 38.285056] binder: 3404:3408 ioctl 40046207 0 returned -16 [ 38.285088] binder: BINDER_SET_CONTEXT_MGR already set [ 38.285091] binder: 3403:3407 ioctl 40046207 0 returned -16 [ 38.301765] binder: BINDER_SET_CONTEXT_MGR already set [ 38.301770] binder: 3409:3410 ioctl 40046207 0 returned -16 [ 38.301823] binder_alloc: 3377: binder_alloc_buf, no vma [ 38.301833] binder: 3409:3410 transaction failed 29189/-3, size 0-0 line 3127 [ 38.307256] binder: BINDER_SET_CONTEXT_MGR already set [ 38.307261] binder: 3409:3411 ioctl 40046207 0 returned -16 [ 38.502434] ------------[ cut here ]------------ [ 38.507185] WARNING: CPU: 1 PID: 1550 at drivers/android/binder.c:2151 binder_send_failed_reply+0x147/0x3a0 [ 38.517041] Unexpected reply error: 29189 [ 38.521163] Kernel panic - not syncing: panic_on_warn set ... [ 38.521163] [ 38.528492] CPU: 1 PID: 1550 Comm: kworker/1:2 Not tainted 4.9.72-gcb7518e #114 [ 38.535904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.545240] Workqueue: events binder_deferred_func [ 38.550245] ffff8801d0a4f910 ffffffff81d922b9 ffffffff83a46d00 ffff8801d0a4f9e8 [ 38.558200] ffffffff83eab500 ffffffff82d60a57 0000000000000009 ffff8801d0a4f9d8 [ 38.566139] ffffffff8142d741 0000000041b58ab3 ffffffff84189000 ffffffff8142d585 [ 38.574087] Call Trace: [ 38.576643] [] dump_stack+0xc1/0x128 [ 38.581974] [] ? binder_send_failed_reply+0x147/0x3a0 [ 38.588778] [] panic+0x1bc/0x3a8 [ 38.593766] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7 [ 38.601959] [] ? vprintk_emit+0x3ad/0x750 [ 38.607723] [] ? __warn+0x1a9/0x1e0 [ 38.613619] [] ? binder_send_failed_reply+0x147/0x3a0 [ 38.620439] [] __warn+0x1c4/0x1e0 [ 38.625514] [] warn_slowpath_fmt+0xc4/0x110 [ 38.631456] [] ? __warn+0x1e0/0x1e0 [ 38.636700] [] ? _binder_inner_proc_lock+0x2c/0x50 [ 38.643249] [] binder_send_failed_reply+0x147/0x3a0 [ 38.649886] [] binder_cleanup_transaction+0xd2/0x140 [ 38.656610] [] binder_release_work+0x1b0/0x260 [ 38.662811] [] ? _raw_spin_unlock+0x2c/0x50 [ 38.668748] [] binder_deferred_func+0x9a2/0xd10 [ 38.675038] [] ? __lock_is_held+0xa1/0xf0 [ 38.680810] [] process_one_work+0x7e0/0x1610 [ 38.686834] [] ? process_one_work+0x72c/0x1610 [ 38.693032] [] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 38.699487] [] worker_thread+0xe0/0x10d0 [ 38.705162] [] ? __schedule+0x683/0x1ba0 [ 38.710839] [] kthread+0x26d/0x300 [ 38.716002] [] ? process_one_work+0x1610/0x1610 [ 38.722284] [] ? kthread_park+0xa0/0xa0 [ 38.727872] [] ? kthread_park+0xa0/0xa0 [ 38.733459] [] ? kthread_park+0xa0/0xa0 [ 38.739055] [] ret_from_fork+0x2a/0x40 [ 38.745127] Dumping ftrace buffer: [ 38.748700] (ftrace buffer empty) [ 38.752379] Kernel Offset: disabled [ 38.755993] Rebooting in 86400 seconds..