[....] Starting enhanced syslogd: rsyslogd[ 14.765656] audit: type=1400 audit(1552145441.733:4): avc: denied { syslog } for pid=1916 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.213' (ECDSA) to the list of known hosts. 2019/03/09 15:31:03 fuzzer started 2019/03/09 15:31:06 dialing manager at 10.128.0.26:39007 2019/03/09 15:31:06 syscalls: 1 2019/03/09 15:31:06 code coverage: enabled 2019/03/09 15:31:06 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/03/09 15:31:06 extra coverage: extra coverage is not supported by the kernel 2019/03/09 15:31:06 setuid sandbox: enabled 2019/03/09 15:31:06 namespace sandbox: enabled 2019/03/09 15:31:06 Android sandbox: /sys/fs/selinux/policy does not exist 2019/03/09 15:31:06 fault injection: kernel does not have systematic fault injection support 2019/03/09 15:31:06 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/03/09 15:31:06 net packet injection: enabled 2019/03/09 15:31:06 net device setup: enabled 15:31:54 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000001880)=""/190, 0xbe}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='io\x00') preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0) getresuid(0x0, 0x0, 0x0) 15:31:54 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_WINDOW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r1, 0x1, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x14, 0x18, {0x0, @bearer=@udp='udp:syz0\x00'}}}}, 0x30}}, 0x0) 15:31:54 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) symlinkat(&(0x7f0000000100)='./file0\x00', r0, &(0x7f00000002c0)='./file0\x00') ioctl$RNDZAPENTCNT(0xffffffffffffffff, 0x5204, 0x0) close(r0) preadv(0xffffffffffffffff, 0x0, 0xfffffffffffffe89, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) fchdir(0xffffffffffffffff) listxattr(0x0, 0x0, 0xfffffffffffffd70) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000040)=0x0) sched_getaffinity(r1, 0x8, &(0x7f0000000080)) 15:31:54 executing program 3: r0 = socket$inet6(0xa, 0x20800a2, 0x0) ioctl(r0, 0x8912, &(0x7f0000000200)) openat$tun(0xffffffffffffff9c, &(0x7f0000000640)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x0, 0x2, 0x11, 0xfffffffffffff722, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x64ca1839, 0x0, 0x8001, 0x7, 0x7fff, 0x80, 0x7f, 0x0, 0x20, 0x4, 0x7f, 0x9, 0x8, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4, 0x0, 0x9, 0x1, 0x0, 0x1, 0x0, @perf_bp={0x0, 0x8}, 0x8026, 0x5, 0x0, 0x1, 0x7, 0xfffffffffffffff8}, 0x0, 0xc, 0xffffffffffffffff, 0x0) socket(0x1e, 0x805, 0x0) getresuid(&(0x7f0000000140), &(0x7f0000000600), &(0x7f0000000640)) 15:31:54 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) futex(&(0x7f0000000000)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="3823f2000001bc0d1f0084762307029b019787dfbd0128c1b8b2dbb75436b249463d7015aeded343c700000000175800ec0b15740a799b180c"], 0x39) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000000c0)) ptrace$cont(0x1f, r0, 0x0, 0x0) 15:31:54 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0xb) r1 = dup2(r0, r0) write$P9_RGETATTR(r1, &(0x7f00000007c0)={0xa0}, 0xa0) sendmsg$FOU_CMD_DEL(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x1}}, 0x0) 15:31:55 executing program 2: r0 = socket$inet6(0xa, 0x20800a2, 0x0) ioctl(r0, 0x8912, &(0x7f0000000200)) openat$tun(0xffffffffffffff9c, &(0x7f0000000640)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x9, 0x2, 0x11, 0xfffffffffffff722, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x64ca1839, 0x0, 0x8001, 0x7, 0x7fff, 0x80, 0x7f, 0x0, 0x0, 0x4, 0x7f, 0x9, 0x8, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4, 0x0, 0x9, 0x1, 0x0, 0x1, 0x0, @perf_bp={0x0, 0x8}, 0x8026, 0x5, 0x0, 0x1, 0x7, 0xfffffffffffffff8}, 0x0, 0xc, 0xffffffffffffffff, 0x0) socket(0x1e, 0x805, 0x0) getresuid(&(0x7f0000000140), &(0x7f0000000600), &(0x7f0000000640)) syzkaller login: [ 88.318171] audit: type=1400 audit(1552145515.283:5): avc: denied { create } for pid=2285 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 15:31:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bc070") socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) close(r1) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1, 0x200}, 0x1c) io_setup(0x6, &(0x7f0000001940)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r1, 0x0, 0x12f}]) 15:31:55 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x8, &(0x7f0000000280)=0x0) io_submit(r1, 0x1, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 15:31:55 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000016ffc)=0xfffff7fffffffffd, 0x4) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000015000)=0x1004, 0x4) bind$inet(r0, &(0x7f0000008ff0)={0x2, 0x4e20, @multicast2}, 0x10) listen(r0, 0x0) listen(r1, 0x0) prctl$PR_GET_DUMPABLE(0x3) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) [ 88.362704] audit: type=1400 audit(1552145515.333:6): avc: denied { write } for pid=2285 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 15:31:55 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x0) perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c62, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000000, 0x84051, r0, 0x3e) 15:31:55 executing program 0: openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$cont(0x21, r0, 0x7, 0x0) [ 88.439639] audit: type=1400 audit(1552145515.403:7): avc: denied { read } for pid=2285 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 15:31:55 executing program 3: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) signalfd(r0, &(0x7f0000392ff8), 0x8) poll(&(0x7f0000000080)=[{r1}], 0x1, 0x0) 15:31:55 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130003000000000000000000000105000600200000000a00000000000000000500e50000070000001f000000000000030000000000000200010000000000000000020000000005000500000000000a00000000000000ff17000000000000000000000000001700000000000000003d7953a08408c1fc284189f19769d8c9060e553f533680b5971af1a53c03ad6b8a99dcadd9d1d0ee2e3185ea977ad13362b0746b901e3066d43eeca410d592d9dfb67e6cb5c0ddb4e91e89abf30b7a55a3f4cdf6c303b006728a24859dcc63962a556ac6a6b6b871f94cdfc41d2c7e2e016d012512e0825fda223f9f4288d45f4840698765183a00b14ec6436e2ab71985c0ff63c8ad74107faee1afc0ebd4d012cee764ac20"], 0x126}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0) 15:31:55 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/stat\x00') fstat(r0, &(0x7f0000000000)) 15:31:55 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) 15:31:58 executing program 4: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x82003, 0x0) write$P9_RWALK(0xffffffffffffffff, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) ioctl$TIOCCBRK(r0, 0x5428) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) write$P9_ROPEN(r0, 0x0, 0xfffffed2) io_setup(0x8, &(0x7f0000000000)=0x0) io_destroy(r2) tkill(r1, 0x1000000000016) 15:31:58 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280), 0x4) connect$inet6(r0, 0x0, 0x0) dup2(r0, 0xffffffffffffffff) syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000000301ffff0000000000000000000000000800150000000000080008d200000081"], 0x24}}, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x0, 0x0, 0x0) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, 0x0) 15:31:58 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000008d40)={@multicast2, @loopback}, 0xc) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000008e40)=ANY=[@ANYBLOB="010000000000000002000000e00000020000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000020000007f0000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005adb59df44c5baabbb301acedb95230000e995967a14a41b29a99d9878d26c25293da53a60d82332e28e8f46a6e38253d4583945e4efda07d818812f1f0000002f9f8805bd7be47a49bd63"], 0x1) setsockopt$inet_group_source_req(r0, 0x0, 0x2c, &(0x7f0000000080)={0x1, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @loopback}}}, 0x108) 15:31:58 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$RTC_PIE_ON(r0, 0x7005) 15:31:58 executing program 5: r0 = socket$unix(0x1, 0x1, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x0, 0x0, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) getgid() listen(r1, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockname$inet6(r2, 0x0, &(0x7f0000000280)) 15:31:58 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000c00)='net/icmp6\x00') ppoll(&(0x7f0000000e40)=[{r0}], 0x1, 0x0, &(0x7f0000000f00)={0x7fffffff}, 0x8) 15:31:58 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/stat\x00') fchown(r0, 0x0, 0x0) fchown(r0, 0x0, 0x0) 15:31:58 executing program 3: r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) read$eventfd(r0, &(0x7f00000003c0), 0x8) write$UHID_CREATE(r0, 0x0, 0x0) 15:31:58 executing program 3: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fallocate(r0, 0x0, 0x20000000007ffffc, 0xfffe) 15:31:58 executing program 2: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x29) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x400006, 0x0, 0xa4}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 91.460686] audit: type=1400 audit(1552145518.433:8): avc: denied { create } for pid=2354 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 15:31:58 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$cont(0x21, r0, 0x7, 0x0) 15:31:58 executing program 4: r0 = socket$nl_generic(0xa, 0x5, 0x84) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f0000000180)={'ip6gre0\x00', &(0x7f0000000e80)=ANY=[@ANYBLOB="00bc0800000000000000c9070000007a085d878df3f85a0f06990100000024f45264499347e31e32e80a971034903c3fffb0000000f34669e4cc67f518a55c923b"]}) 15:31:58 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r1 = gettid() sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) gettid() write$P9_RSETATTR(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, 0x0) tkill(r1, 0x2001000000000016) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0) [ 91.562602] audit: type=1400 audit(1552145518.533:9): avc: denied { write } for pid=2354 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 15:31:58 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) setgid(r1) 15:31:58 executing program 2: syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/pid\x04\x00\x00\x00ren\x00') 15:31:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f00000001c0)='cpu.weight.nice\x00', 0x2, 0x0) sendfile(r2, r2, 0x0, 0x3) 15:31:58 executing program 3: syz_emit_ethernet(0x36, &(0x7f0000007000)={@local, @empty, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x2100, 0x0, 0x21, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @tcp={{0x0, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x5}}}}}}, 0x0) 15:31:59 executing program 0: unshare(0x400) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) fgetxattr(r0, &(0x7f0000000100)=@known='system.sockprotoname\x00', 0x0, 0x0) 15:31:59 executing program 4: r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x5, 0x200080012, r0, 0x0) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 15:31:59 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r4 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/icmp\x00') sendfile(r3, r5, 0x0, 0x9168) r6 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r6, r3) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r4, 0x1004000000016) 15:31:59 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x0, 0x0, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) getgid() listen(r1, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) getuid() setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000000)={0x0, @empty, 0x0, 0x0, 'wlc\x00'}, 0x2c) 15:31:59 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x0, 0x0, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) getgid() listen(r1, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listxattr(0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000040), 0x4) [ 92.273130] ------------[ cut here ]------------ [ 92.279598] WARNING: CPU: 1 PID: 2430 at arch/x86/mm/pat.c:1017 untrack_pfn+0x214/0x270() [ 92.288480] Kernel panic - not syncing: panic_on_warn set ... [ 92.288480] [ 92.295849] CPU: 1 PID: 2430 Comm: syz-executor.4 Not tainted 4.4.174+ #17 [ 92.302870] 0000000000000000 165fbcc50f2d58c2 ffff8800b9d6f740 ffffffff81aad1a1 [ 92.310883] 0000000000000000 ffffffff82835ee0 ffffffff82831440 00000000000003f9 15:31:59 executing program 5: syz_emit_ethernet(0x36, &(0x7f0000007000)={@local, @empty, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x6000, 0x0, 0x21, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @tcp={{0x0, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x5}}}}}}, 0x0) 15:31:59 executing program 0: unshare(0x400) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) fgetxattr(r0, &(0x7f0000000100)=@known='system.sockprotoname\x00', 0x0, 0x0) 15:31:59 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/stat\x00') getdents64(r0, 0x0, 0x0) [ 92.319028] ffffffff810b6b24 ffff8800b9d6f820 ffffffff813a48c2 0000000041b58ab3 [ 92.329081] Call Trace: [ 92.331663] [] dump_stack+0xc1/0x120 [ 92.337020] [] ? untrack_pfn+0x214/0x270 [ 92.342719] [] panic+0x1b9/0x37b [ 92.347714] [] ? add_taint.cold+0x16/0x16 [ 92.353497] [] ? follow_phys+0x1f9/0x2e0 [ 92.359205] [] ? warn_slowpath_common.cold+0x5/0x20 [ 92.365875] [] warn_slowpath_common.cold+0x20/0x20 15:31:59 executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = creat(&(0x7f00000001c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x4) write$eventfd(r2, &(0x7f0000000200)=0x20000000000000, 0x8) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x0, 0x0, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) getgid() listen(r1, 0x0) r3 = accept4(r1, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x21, 0x4) fallocate(r1, 0x1, 0x2, 0x9) dup2(r3, r0) getsockname$inet6(r3, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000280)=0x1c) 15:31:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x8, &(0x7f0000000280)=0x0) io_submit(r1, 0x1, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) [ 92.372449] [] warn_slowpath_null+0x2a/0x30 [ 92.378448] [] untrack_pfn+0x214/0x270 [ 92.383982] [] ? track_pfn_insert+0x100/0x100 [ 92.390129] [] ? depot_save_stack+0x1c3/0x5f0 [ 92.396291] [] unmap_single_vma+0xe2e/0x1090 [ 92.402346] [] ? trace_hardirqs_on+0x10/0x10 [ 92.408406] [] ? vm_normal_page+0x300/0x300 [ 92.414392] [] ? lru_add_drain_cpu+0x165/0x390 15:31:59 executing program 0: pipe2(0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0xc5) socketpair$unix(0x1, 0x4000000000000005, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) shutdown(0xffffffffffffffff, 0x0) stat(0x0, 0x0) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000180)=0x133) getuid() setresuid(0x0, r1, 0x0) [ 92.420639] [] ? lru_cache_add_active_or_unevictable+0x120/0x120 [ 92.428438] [] unmap_vmas+0x48/0xa0 [ 92.433716] [] unmap_region+0x1a9/0x320 [ 92.439335] [] ? validate_mm_rb+0xb0/0xb0 [ 92.445134] [] ? vma_compute_subtree_gap+0x1f0/0x1f0 [ 92.451886] [] ? vma_rb_erase+0x429/0xa30 [ 92.457689] [] ? vma_compute_subtree_gap+0x190/0x1f0 [ 92.464442] [] do_munmap+0x4ca/0xcf0 15:31:59 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x8, &(0x7f0000000280)=0x0) io_submit(r1, 0x1, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) socket$inet6(0xa, 0x0, 0x0) 15:31:59 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='\x00\x00\x02') fchown(r0, 0x0, 0x0) [ 92.469815] [] move_vma+0x50e/0x920 [ 92.475086] [] ? move_page_tables+0xcc0/0xcc0 [ 92.481227] [] ? vmacache_update+0x101/0x130 [ 92.487288] [] ? selinux_mmap_addr+0x20/0xf0 [ 92.493348] [] ? security_mmap_addr+0x7f/0xb0 [ 92.499491] [] ? get_unmapped_area+0x238/0x310 [ 92.505719] [] SyS_mremap+0x9dd/0xd60 [ 92.511167] [] ? finish_task_switch+0x1e1/0x660 [ 92.517488] [] ? move_vma+0x920/0x920 [ 92.522942] [] ? __schedule+0x7e3/0x1ee0 [ 92.528657] [] ? do_fast_syscall_32+0xd6/0xa90 [ 92.534890] [] ? move_vma+0x920/0x920 [ 92.540344] [] do_fast_syscall_32+0x32d/0xa90 [ 92.546494] [] sysenter_flags_fixed+0xd/0x1a [ 92.552987] Kernel Offset: disabled [ 92.556665] Rebooting in 86400 seconds..