[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 46.296468] kauditd_printk_skb: 3 callbacks suppressed
[ 46.296484] audit: type=1400 audit(1582679506.705:35): avc: denied { map } for pid=8035 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 360.671749] audit: type=1400 audit(1582679821.075:36): avc: denied { map } for pid=8043 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.188' (ECDSA) to the list of known hosts.
[ 968.898545] audit: type=1400 audit(1582680429.305:37): avc: denied { map } for pid=8050 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/02/26 01:27:09 parsed 1 programs
[ 970.214062] audit: type=1400 audit(1582680430.615:38): avc: denied { map } for pid=8050 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=146 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2020/02/26 01:27:10 executed programs: 0
[ 970.409299] IPVS: ftp: loaded support on port[0] = 21
[ 970.464924] chnl_net:caif_netlink_parms(): no params data found
[ 970.515760] bridge0: port 1(bridge_slave_0) entered blocking state
[ 970.522481] bridge0: port 1(bridge_slave_0) entered disabled state
[ 970.529822] device bridge_slave_0 entered promiscuous mode
[ 970.537404] bridge0: port 2(bridge_slave_1) entered blocking state
[ 970.543832] bridge0: port 2(bridge_slave_1) entered disabled state
[ 970.551045] device bridge_slave_1 entered promiscuous mode
[ 970.566193] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 970.575125] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 970.591534] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 970.599971] team0: Port device team_slave_0 added
[ 970.605717] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 970.606401] team0: Port device team_slave_1 added
[ 970.625341] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 970.631694] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 970.656940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 970.668627] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 970.674899] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 970.700382] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 970.711919] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 970.719682] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 970.768178] device hsr_slave_0 entered promiscuous mode
[ 970.805994] device hsr_slave_1 entered promiscuous mode
[ 970.847054] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 970.854276] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 970.901961] audit: type=1400 audit(1582680431.305:39): avc: denied { create } for pid=8067 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 970.924001] bridge0: port 2(bridge_slave_1) entered blocking state
[ 970.927076] audit: type=1400 audit(1582680431.305:40): avc: denied { write } for pid=8067 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 970.932480] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 970.957465] audit: type=1400 audit(1582680431.305:41): avc: denied { read } for pid=8067 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 970.963300] bridge0: port 1(bridge_slave_0) entered blocking state
[ 970.992987] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 971.024675] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 971.032039] 8021q: adding VLAN 0 to HW filter on device bond0
[ 971.042026] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 971.051376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 971.070473] bridge0: port 1(bridge_slave_0) entered disabled state
[ 971.088353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 971.095664] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 971.105961] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 971.112143] 8021q: adding VLAN 0 to HW filter on device team0
[ 971.121986] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 971.129618] bridge0: port 1(bridge_slave_0) entered blocking state
[ 971.135997] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 971.145178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 971.152921] bridge0: port 2(bridge_slave_1) entered blocking state
[ 971.159409] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 971.175136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 971.183860] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 971.200077] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 971.210027] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 971.220842] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 971.228067] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 971.235861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 971.243924] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 971.252582] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 971.266493] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 971.273979] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 971.280911] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 971.291915] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 971.305050] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 971.314970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 971.358954] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 971.366875] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 971.373445] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 971.383053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 971.390759] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 971.397873] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 971.406948] device veth0_vlan entered promiscuous mode
[ 971.416353] device veth1_vlan entered promiscuous mode
[ 971.422164] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 971.430898] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 971.443441] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 971.453088] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 971.460669] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 971.468119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 971.478419] device veth0_macvtap entered promiscuous mode
[ 971.486886] device veth1_macvtap entered promiscuous mode
[ 971.495722] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 971.505013] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 971.515371] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 971.522937] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 971.529747] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 971.537618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 971.548940] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 971.556506] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 971.563352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 971.571325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 971.676837] audit: type=1400 audit(1582680432.085:42): avc: denied { associate } for pid=8067 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2020/02/26 01:27:15 executed programs: 198
[ 979.465736] ------------[ cut here ]------------
[ 979.470725] Unexpected user alpha2: A
[ 979.477476] WARNING: CPU: 1 PID: 8077 at net/wireless/reg.c:416 restore_regulatory_settings+0x22d/0xfd0
[ 979.487034] Kernel panic - not syncing: panic_on_warn set ...
[ 979.487034]
[ 979.494424] CPU: 1 PID: 8077 Comm: kworker/1:3 Not tainted 4.19.106-syzkaller #0
[ 979.502184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 979.511625] Workqueue: events_power_efficient crda_timeout_work
[ 979.517703] Call Trace:
[ 979.520396] dump_stack+0x197/0x210
[ 979.524054] panic+0x26a/0x50e
[ 979.527272] ? __warn_printk+0xf3/0xf3
[ 979.531192] ? restore_regulatory_settings+0x22d/0xfd0
[ 979.536494] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 979.542065] ? __warn.cold+0x5/0x53
[ 979.545702] ? __warn+0xe8/0x1d0
[ 979.549083] ? restore_regulatory_settings+0x22d/0xfd0
[ 979.554362] __warn.cold+0x20/0x53
[ 979.557917] ? restore_regulatory_settings+0x22d/0xfd0
[ 979.563200] report_bug+0x263/0x2b0
[ 979.566830] do_error_trap+0x204/0x360
[ 979.570751] ? math_error+0x340/0x340
[ 979.574549] ? wake_up_klogd+0x99/0xd0
[ 979.578427] ? vprintk_emit+0x2a8/0x6d0
[ 979.582420] ? vprintk_emit+0x1ce/0x6d0
[ 979.586464] ? error_entry+0x7c/0xe0
[ 979.590190] ? trace_hardirqs_off_caller+0x65/0x220
[ 979.595763] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 979.600632] do_invalid_op+0x1b/0x20
[ 979.604436] invalid_op+0x14/0x20
[ 979.607900] RIP: 0010:restore_regulatory_settings+0x22d/0xfd0
[ 979.613804] Code: 44 89 f6 e8 35 33 8f fa 45 84 f6 0f 85 80 07 00 00 e8 e7 31 8f fa 41 0f be d5 41 0f be f4 48 c7 c7 c0 b7 5f 88 e8 c1 b7 62 fa <0f> 0b e8 cc 31 8f fa 48 8b 1d 05 84 dd 02 48 b8 00 00 00 00 00 fc
[ 979.632718] RSP: 0018:ffff88808dc4fc28 EFLAGS: 00010282
[ 979.638087] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[ 979.645364] RDX: 0000000000000000 RSI: ffffffff81554f66 RDI: ffffed1011b89f77
[ 979.652636] RBP: ffff88808dc4fd20 R08: ffff8880813d4100 R09: ffffed1015d23ee3
[ 979.659899] R10: ffffed1015d23ee2 R11: ffff8880ae91f717 R12: 0000000000000041
[ 979.667178] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880ae92ba80
[ 979.674487] ? vprintk_func+0x86/0x189
[ 979.678381] ? restore_regulatory_settings+0x22d/0xfd0
[ 979.683775] ? process_one_work+0x890/0x1750
[ 979.688204] ? regulatory_hint_user+0x240/0x240
[ 979.692892] ? __lock_is_held+0xb6/0x140
[ 979.696971] crda_timeout_work+0x1f/0x30
[ 979.701231] process_one_work+0x989/0x1750
[ 979.705486] ? pwq_dec_nr_in_flight+0x320/0x320
[ 979.710170] ? lock_acquire+0x16f/0x3f0
[ 979.714253] ? kasan_check_write+0x14/0x20
[ 979.718496] ? do_raw_spin_lock+0xd7/0x250
[ 979.722761] worker_thread+0x98/0xe40
[ 979.726567] ? trace_hardirqs_on+0x67/0x220
[ 979.730922] kthread+0x354/0x420
[ 979.734306] ? process_one_work+0x1750/0x1750
[ 979.738805] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 979.744373] ret_from_fork+0x24/0x30
[ 979.749791] Kernel Offset: disabled
[ 979.753489] Rebooting in 86400 seconds..