[....] Starting enhanced syslogd: rsyslogd[ 13.460753] audit: type=1400 audit(1543053478.627:4): avc: denied { syslog } for pid=1918 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts. 2018/11/24 09:58:10 fuzzer started 2018/11/24 09:58:12 dialing manager at 10.128.0.26:46419 2018/11/24 09:58:12 syscalls: 1 2018/11/24 09:58:12 code coverage: enabled 2018/11/24 09:58:12 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/24 09:58:12 setuid sandbox: enabled 2018/11/24 09:58:12 namespace sandbox: enabled 2018/11/24 09:58:12 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/24 09:58:12 fault injection: kernel does not have systematic fault injection support 2018/11/24 09:58:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/24 09:58:12 net packet injection: enabled 2018/11/24 09:58:12 net device setup: enabled 09:58:49 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000100)=0x4, 0x4) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffed3, 0x0, 0x0, 0x0) 09:58:49 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) write$cgroup_int(r1, 0x0, 0x0) 09:58:49 executing program 2: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x1, 0x0) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/policy\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0x2, 0x0) sendfile(r1, r0, 0x0, 0x2000005) futex(0x0, 0x800000000008, 0x0, &(0x7f0000d8d000)={0x77359400}, &(0x7f0000048000), 0x0) pipe(&(0x7f0000000080)) socket$inet6_tcp(0xa, 0x1, 0x0) add_key(&(0x7f00000001c0)='.request_key_auth\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="cceea31ddfb720673cee94308c3e4dbe6dd330a4fd04995cea3d5b058fb141b9f5293fc7aeff3ef1754c263a36b4cf66a7f6f8bfe8e135f973a75549e6f4c1363c5d051cc730a320a782e422937cbd0c3b3894915b576eaac3453503d893e1ea75d7dcfaa0163f0113075c4cf75ac3d223613bd476c77032592679c4e3b2796fb98b18171354f2285a13a744bbe23ca746fa2cb8e95272228b098d8a4c75ebda925ae41a4447a8", 0xa7, 0xfffffffffffffffe) 09:58:49 executing program 1: socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) timerfd_create(0x0, 0x0) write(r1, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x64}, &(0x7f0000000100), 0x0, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 09:58:49 executing program 3: 09:58:49 executing program 4: 09:58:56 executing program 3: r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil) 09:58:56 executing program 2: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x1, 0x0) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/policy\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0x2, 0x0) sendfile(r1, r0, 0x0, 0x2000005) futex(0x0, 0x800000000008, 0x0, &(0x7f0000d8d000)={0x77359400}, &(0x7f0000048000), 0x0) pipe(&(0x7f0000000080)) socket$inet6_tcp(0xa, 0x1, 0x0) add_key(&(0x7f00000001c0)='.request_key_auth\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="cceea31ddfb720673cee94308c3e4dbe6dd330a4fd04995cea3d5b058fb141b9f5293fc7aeff3ef1754c263a36b4cf66a7f6f8bfe8e135f973a75549e6f4c1363c5d051cc730a320a782e422937cbd0c3b3894915b576eaac3453503d893e1ea75d7dcfaa0163f0113075c4cf75ac3d223613bd476c77032592679c4e3b2796fb98b18171354f2285a13a744bbe23ca746fa2cb8e95272228b098d8a4c75ebda925ae41a4447a8", 0xa7, 0xfffffffffffffffe) 09:58:56 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000140)={0xfffffffffffffffc, 0x0, 0x0, 0xffff}) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)) 09:58:57 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = socket$inet6(0xa, 0x803, 0x4) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") setsockopt$inet6_opts(r0, 0x29, 0x4b, &(0x7f0000000000)=@fragment={0xa4ffffff}, 0x8) 09:58:57 executing program 1: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8) close(r0) socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$bt_hci(r0, 0x0, 0x0, 0x0, &(0x7f00000001c0)) syzkaller login: [ 71.884667] ------------[ cut here ]------------ 09:58:57 executing program 5: clone(0x2000002102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getrandom(0x0, 0x100000168, 0x2) [ 71.923559] WARNING: CPU: 0 PID: 3750 at arch/x86/mm/pat.c:1017 untrack_pfn+0x214/0x270() [ 71.961038] Kernel panic - not syncing: panic_on_warn set ... [ 71.961038] [ 71.968420] CPU: 0 PID: 3750 Comm: syz-executor3 Not tainted 4.4.164+ #13 [ 71.975350] 0000000000000000 6308b20fa7b59b2e ffff8800a6ab76e8 ffffffff81aa5d4d [ 71.983421] ffffffff828353a0 ffff8800a6aa8000 ffffffff82830900 0000000000000009 [ 71.991497] 00000000000003f9 ffff8800a6ab77a8 ffffffff813a2404 0000000041b58ab3 [ 71.999555] Call Trace: [ 72.002143] [] dump_stack+0xc1/0x124 [ 72.007501] [] panic+0x19e/0x359 [ 72.012528] [] ? add_taint.cold.4+0x16/0x16 [ 72.018498] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 72.025248] [] ? warn_slowpath_common.cold.6+0x5/0x20 [ 72.032080] [] warn_slowpath_common.cold.6+0x20/0x20 [ 72.038823] [] ? untrack_pfn+0x214/0x270 [ 72.044543] [] warn_slowpath_null+0x29/0x30 [ 72.050498] [] untrack_pfn+0x214/0x270 [ 72.056008] [] ? track_pfn_insert+0x100/0x100 [ 72.062127] [] ? kasan_kmalloc.part.1+0xc9/0xf0 [ 72.068442] [] unmap_single_vma+0xea3/0x10d0 [ 72.074473] [] ? vm_normal_page+0x300/0x300 [ 72.080417] [] ? lru_add_drain_cpu+0x161/0x390 [ 72.086625] [] ? lru_cache_add_active_or_unevictable+0x120/0x120 [ 72.094394] [] unmap_vmas+0x81/0xd0 [ 72.099659] [] unmap_region+0x1ae/0x300 [ 72.105264] [] ? validate_mm_rb+0xa0/0xa0 [ 72.111042] [] ? vma_compute_subtree_gap+0x190/0x1f0 [ 72.117784] [] ? vma_rb_erase+0x422/0xa20 [ 72.123556] [] ? vma_compute_subtree_gap+0x190/0x1f0 [ 72.130303] [] do_munmap+0x80d/0xd40 [ 72.135648] [] move_vma+0x550/0x9a0 [ 72.140917] [] ? move_page_tables+0xc10/0xc10 [ 72.147036] [] ? arch_get_unmapped_area+0x700/0x700 [ 72.153691] [] ? vmacache_find+0x57/0x290 [ 72.159464] [] ? selinux_mmap_addr+0x1f/0xf0 [ 72.165513] [] ? security_mmap_addr+0x7f/0xb0 [ 72.171634] [] ? get_unmapped_area+0x22e/0x300 [ 72.177841] [] SyS_mremap+0x9fa/0xd90 [ 72.183266] [] ? move_vma+0x9a0/0x9a0 [ 72.188693] [] ? __compat_put_timespec.isra.3+0xc7/0x140 [ 72.195803] [] ? compat_SyS_clock_gettime+0x14d/0x1d0 [ 72.202611] [] ? compat_SyS_clock_settime+0x1b0/0x1b0 [ 72.209422] [] ? do_fast_syscall_32+0xdb/0xa80 [ 72.215631] [] ? move_vma+0x9a0/0x9a0 [ 72.221058] [] do_fast_syscall_32+0x31e/0xa80 [ 72.227187] [] sysenter_flags_fixed+0xd/0x1a [ 72.233531] Kernel Offset: disabled [ 72.237191] Rebooting in 86400 seconds..