[....] Starting enhanced syslogd: rsyslogd[   13.460753] audit: type=1400 audit(1543053478.627:4): avc:  denied  { syslog } for  pid=1918 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts.
2018/11/24 09:58:10 fuzzer started
2018/11/24 09:58:12 dialing manager at 10.128.0.26:46419
2018/11/24 09:58:12 syscalls: 1
2018/11/24 09:58:12 code coverage: enabled
2018/11/24 09:58:12 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/11/24 09:58:12 setuid sandbox: enabled
2018/11/24 09:58:12 namespace sandbox: enabled
2018/11/24 09:58:12 Android sandbox: /sys/fs/selinux/policy does not exist
2018/11/24 09:58:12 fault injection: kernel does not have systematic fault injection support
2018/11/24 09:58:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/11/24 09:58:12 net packet injection: enabled
2018/11/24 09:58:12 net device setup: enabled
09:58:49 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000100)=0x4, 0x4)
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffed3, 0x0, 0x0, 0x0)

09:58:49 executing program 5:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r0)
write$cgroup_int(r1, 0x0, 0x0)

09:58:49 executing program 2:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x1, 0x0)
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/policy\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0x2, 0x0)
sendfile(r1, r0, 0x0, 0x2000005)
futex(0x0, 0x800000000008, 0x0, &(0x7f0000d8d000)={0x77359400}, &(0x7f0000048000), 0x0)
pipe(&(0x7f0000000080))
socket$inet6_tcp(0xa, 0x1, 0x0)
add_key(&(0x7f00000001c0)='.request_key_auth\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="cceea31ddfb720673cee94308c3e4dbe6dd330a4fd04995cea3d5b058fb141b9f5293fc7aeff3ef1754c263a36b4cf66a7f6f8bfe8e135f973a75549e6f4c1363c5d051cc730a320a782e422937cbd0c3b3894915b576eaac3453503d893e1ea75d7dcfaa0163f0113075c4cf75ac3d223613bd476c77032592679c4e3b2796fb98b18171354f2285a13a744bbe23ca746fa2cb8e95272228b098d8a4c75ebda925ae41a4447a8", 0xa7, 0xfffffffffffffffe)

09:58:49 executing program 1:
socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
pipe(&(0x7f0000000540)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
timerfd_create(0x0, 0x0)
write(r1, &(0x7f0000000340), 0x10000014c)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x64}, &(0x7f0000000100), 0x0, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

09:58:49 executing program 3:

09:58:49 executing program 4:

09:58:56 executing program 3:
r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil)

09:58:56 executing program 2:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x1, 0x0)
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/policy\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0x2, 0x0)
sendfile(r1, r0, 0x0, 0x2000005)
futex(0x0, 0x800000000008, 0x0, &(0x7f0000d8d000)={0x77359400}, &(0x7f0000048000), 0x0)
pipe(&(0x7f0000000080))
socket$inet6_tcp(0xa, 0x1, 0x0)
add_key(&(0x7f00000001c0)='.request_key_auth\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="cceea31ddfb720673cee94308c3e4dbe6dd330a4fd04995cea3d5b058fb141b9f5293fc7aeff3ef1754c263a36b4cf66a7f6f8bfe8e135f973a75549e6f4c1363c5d051cc730a320a782e422937cbd0c3b3894915b576eaac3453503d893e1ea75d7dcfaa0163f0113075c4cf75ac3d223613bd476c77032592679c4e3b2796fb98b18171354f2285a13a744bbe23ca746fa2cb8e95272228b098d8a4c75ebda925ae41a4447a8", 0xa7, 0xfffffffffffffffe)

09:58:56 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000140)={0xfffffffffffffffc, 0x0, 0x0, 0xffff})
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
r1 = syz_open_pts(r0, 0x0)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040))

09:58:57 executing program 4:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local}, 0x1c)
r1 = socket$inet6(0xa, 0x803, 0x4)
ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
setsockopt$inet6_opts(r0, 0x29, 0x4b, &(0x7f0000000000)=@fragment={0xa4ffffff}, 0x8)

09:58:57 executing program 1:
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8)
close(r0)
socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$bt_hci(r0, 0x0, 0x0, 0x0, &(0x7f00000001c0))

syzkaller login: [   71.884667] ------------[ cut here ]------------
09:58:57 executing program 5:
clone(0x2000002102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getrandom(0x0, 0x100000168, 0x2)

[   71.923559] WARNING: CPU: 0 PID: 3750 at arch/x86/mm/pat.c:1017 untrack_pfn+0x214/0x270()
[   71.961038] Kernel panic - not syncing: panic_on_warn set ...
[   71.961038] 
[   71.968420] CPU: 0 PID: 3750 Comm: syz-executor3 Not tainted 4.4.164+ #13
[   71.975350]  0000000000000000 6308b20fa7b59b2e ffff8800a6ab76e8 ffffffff81aa5d4d
[   71.983421]  ffffffff828353a0 ffff8800a6aa8000 ffffffff82830900 0000000000000009
[   71.991497]  00000000000003f9 ffff8800a6ab77a8 ffffffff813a2404 0000000041b58ab3
[   71.999555] Call Trace:
[   72.002143]  [<ffffffff81aa5d4d>] dump_stack+0xc1/0x124
[   72.007501]  [<ffffffff813a2404>] panic+0x19e/0x359
[   72.012528]  [<ffffffff813a2266>] ? add_taint.cold.4+0x16/0x16
[   72.018498]  [<ffffffff81237d67>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   72.025248]  [<ffffffff813a25d9>] ? warn_slowpath_common.cold.6+0x5/0x20
[   72.032080]  [<ffffffff813a25f4>] warn_slowpath_common.cold.6+0x20/0x20
[   72.038823]  [<ffffffff810b7b54>] ? untrack_pfn+0x214/0x270
[   72.044543]  [<ffffffff810d4629>] warn_slowpath_null+0x29/0x30
[   72.050498]  [<ffffffff810b7b54>] untrack_pfn+0x214/0x270
[   72.056008]  [<ffffffff810b7940>] ? track_pfn_insert+0x100/0x100
[   72.062127]  [<ffffffff8147f3d9>] ? kasan_kmalloc.part.1+0xc9/0xf0
[   72.068442]  [<ffffffff8142f033>] unmap_single_vma+0xea3/0x10d0
[   72.074473]  [<ffffffff8142e190>] ? vm_normal_page+0x300/0x300
[   72.080417]  [<ffffffff813e0d41>] ? lru_add_drain_cpu+0x161/0x390
[   72.086625]  [<ffffffff813e0be0>] ? lru_cache_add_active_or_unevictable+0x120/0x120
[   72.094394]  [<ffffffff81430bb1>] unmap_vmas+0x81/0xd0
[   72.099659]  [<ffffffff8143d04e>] unmap_region+0x1ae/0x300
[   72.105264]  [<ffffffff8143cea0>] ? validate_mm_rb+0xa0/0xa0
[   72.111042]  [<ffffffff8143c480>] ? vma_compute_subtree_gap+0x190/0x1f0
[   72.117784]  [<ffffffff8143e332>] ? vma_rb_erase+0x422/0xa20
[   72.123556]  [<ffffffff8143c480>] ? vma_compute_subtree_gap+0x190/0x1f0
[   72.130303]  [<ffffffff814411fd>] do_munmap+0x80d/0xd40
[   72.135648]  [<ffffffff8144c7f0>] move_vma+0x550/0x9a0
[   72.140917]  [<ffffffff8144c2a0>] ? move_page_tables+0xc10/0xc10
[   72.147036]  [<ffffffff810174a0>] ? arch_get_unmapped_area+0x700/0x700
[   72.153691]  [<ffffffff81421cd7>] ? vmacache_find+0x57/0x290
[   72.159464]  [<ffffffff81965b8f>] ? selinux_mmap_addr+0x1f/0xf0
[   72.165513]  [<ffffffff81946edf>] ? security_mmap_addr+0x7f/0xb0
[   72.171634]  [<ffffffff8143d3ce>] ? get_unmapped_area+0x22e/0x300
[   72.177841]  [<ffffffff8144d63a>] SyS_mremap+0x9fa/0xd90
[   72.183266]  [<ffffffff8144cc40>] ? move_vma+0x9a0/0x9a0
[   72.188693]  [<ffffffff812af657>] ? __compat_put_timespec.isra.3+0xc7/0x140
[   72.195803]  [<ffffffff812b273d>] ? compat_SyS_clock_gettime+0x14d/0x1d0
[   72.202611]  [<ffffffff812b25f0>] ? compat_SyS_clock_settime+0x1b0/0x1b0
[   72.209422]  [<ffffffff8100605b>] ? do_fast_syscall_32+0xdb/0xa80
[   72.215631]  [<ffffffff8144cc40>] ? move_vma+0x9a0/0x9a0
[   72.221058]  [<ffffffff8100629e>] do_fast_syscall_32+0x31e/0xa80
[   72.227187]  [<ffffffff827155d0>] sysenter_flags_fixed+0xd/0x1a
[   72.233531] Kernel Offset: disabled
[   72.237191] Rebooting in 86400 seconds..