./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1851665789 <...> Starting sshd: OK [ 6.605865][ T133] rcS (133) used greatest stack depth: 23768 bytes left syzkaller syzkaller login: [ 14.735748][ T22] kauditd_printk_skb: 60 callbacks suppressed [ 14.735754][ T22] audit: type=1400 audit(1671054178.109:71): avc: denied { transition } for pid=265 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.749152][ T22] audit: type=1400 audit(1671054178.119:72): avc: denied { write } for pid=265 comm="sh" path="pipe:[9720]" dev="pipefs" ino=9720 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 [ 15.688939][ T266] sshd (266) used greatest stack depth: 23704 bytes left Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts. execve("./syz-executor1851665789", ["./syz-executor1851665789"], 0x7ffe7e0a7ae0 /* 10 vars */) = 0 brk(NULL) = 0x555556e8e000 brk(0x555556e8ec40) = 0x555556e8ec40 arch_prctl(ARCH_SET_FS, 0x555556e8e300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1851665789", 4096) = 28 brk(0x555556eafc40) = 0x555556eafc40 brk(0x555556eb0000) = 0x555556eb0000 mprotect(0x7fe6b7eca000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e8e5d0) = 305 ./strace-static-x86_64: Process 305 attached [pid 305] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setsid() = 1 [pid 305] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 305] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 305] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 305] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 305] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 305] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 305] unshare(CLONE_NEWNS) = 0 [pid 305] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 305] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 305] unshare(CLONE_NEWCGROUP) = 0 [pid 305] unshare(CLONE_NEWUTS) = 0 [pid 305] unshare(CLONE_SYSVSEM) = 0 [pid 305] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 305] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 305] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 305] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 305] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 305] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 305] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 305] getpid() = 1 [pid 305] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< 0b 0f 1f 40 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 28 89 d3 [ 23.165370][ T305] RSP: 0018:ffff8881dcfb7520 EFLAGS: 00010293 [ 23.172398][ T305] RAX: ffffffff8375d30a RBX: 0000000000000012 RCX: ffff8881de590fc0 [ 23.181538][ T305] RDX: 0000000000000000 RSI: 000000000000fcd3 RDI: 000000000000fccf [ 23.189753][ T305] RBP: ffff8881dcfb75f0 R08: ffffffff8375cfc0 R09: ffffffff8375cc05 [ 23.197887][ T305] R10: ffff8881de590fc0 R11: 0000000000000002 R12: dffffc0000000000 [ 23.206020][ T305] R13: 000000000000b9c6 R14: 000000000000fccf R15: 000000000000fcd3 [ 23.214143][ T305] FS: 0000555556e8e300(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 23.223236][ T305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.229822][ T305] CR2: 000000002000f000 CR3: 00000001dcc57000 CR4: 00000000003406f0 [ 23.237860][ T305] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.245934][ T305] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.254275][ T305] Call Trace: [ 23.257557][ T305] ? skb_network_protocol+0x650/0x650 [ 23.263333][ T305] ? netif_skb_features+0x7a5/0xa80 [ 23.268603][ T305] __skb_gso_segment+0x303/0x4a0 [ 23.273527][ T305] validate_xmit_skb+0x2eb/0xc80 [ 23.278449][ T305] ? validate_xmit_skb_list+0x140/0x140 [ 23.283974][ T305] ? do_user_addr_fault+0x6b4/0xb30 [ 23.289242][ T305] ? netdev_core_pick_tx+0xc3/0x2f0 [ 23.294428][ T305] __dev_queue_xmit+0x1182/0x2a20 [ 23.299429][ T305] ? dev_queue_xmit+0x20/0x20 [ 23.304179][ T305] ? virtio_net_hdr_to_skb+0x9e3/0x10f0 [ 23.309715][ T305] ? skb_copy_datagram_from_iter+0x5cb/0x680 [ 23.315909][ T305] packet_sendmsg+0x4cef/0x67d0 [ 23.320936][ T305] ? avc_has_perm+0x218/0x260 [ 23.326549][ T305] ? avc_has_perm_noaudit+0x400/0x400 [ 23.331901][ T305] ? selinux_socket_sendmsg+0x23f/0x340 [ 23.337772][ T305] ? selinux_socket_accept+0x5b0/0x5b0 [ 23.343311][ T305] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 23.348494][ T305] ? compat_packet_setsockopt+0x160/0x160 [ 23.354405][ T305] ? cgroup_update_frozen+0x139/0x360 [ 23.359757][ T305] ? cgroup_update_frozen+0x139/0x360 [ 23.365116][ T305] ? ptrace_stop+0x6eb/0xa30 [ 23.369697][ T305] ? security_socket_sendmsg+0x9d/0xb0 [ 23.375128][ T305] ? compat_packet_setsockopt+0x160/0x160 [ 23.380816][ T305] __sys_sendto+0x4f1/0x6c0 [ 23.385286][ T305] ? __ia32_sys_getpeername+0x80/0x80 [ 23.390771][ T305] ? syscall_trace_enter+0x652/0x940 [ 23.396206][ T305] ? do_syscall_64+0x1c0/0x1c0 [ 23.401059][ T305] ? __fpregs_load_activate+0x1d7/0x3c0 [ 23.406752][ T305] ? switch_fpu_return+0x10/0x10 [ 23.411661][ T305] __x64_sys_sendto+0xda/0xf0 [ 23.416307][ T305] do_syscall_64+0xcb/0x1c0 [ 23.420957][ T305] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 23.427040][ T305] Modules linked in: [ 23.430954][ T305] ---[ end trace 23640b0c0c5386e2 ]--- [ 23.436510][ T305] RIP: 0010:skb_mac_gso_segment+0x48a/0x490 [ 23.442411][ T305] Code: 4c 24 08 80 e1 07 80 c1 03 38 c1 0f 8c d3 fe ff ff 48 8b 7c 24 08 e8 55 de 1d fe e9 c4 fe ff ff e8 4b 52 c6 fd e8 16 78 ef fd <0f> 0b 0f 1f 40 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 28 89 d3 [ 23.462902][ T305] RSP: 0018:ffff8881dcfb7520 EFLAGS: 00010293 [ 23.468958][ T305] RAX: ffffffff8375d30a RBX: 0000000000000012 RCX: ffff8881de590fc0 [ 23.477112][ T305] RDX: 0000000000000000 RSI: 000000000000fcd3 RDI: 000000000000fccf [ 23.485201][ T305] RBP: ffff8881dcfb75f0 R08: ffffffff8375cfc0 R09: ffffffff8375cc05 [ 23.493362][ T305] R10: ffff8881de590fc0 R11: 0000000000000002 R12: dffffc0000000000 [ 23.501357][ T305] R13: 000000000000b9c6 R14: 000000000000fccf R15: 000000000000fcd3 [ 23.509867][ T305] FS: 0000555556e8e300(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 23.519076][ T305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.526465][ T305] CR2: 000000002000f000 CR3: 00000001dcc57000 CR4: 00000000003406f0 [ 23.534562][ T305] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.542902][ T305] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.550935][ T305] Kernel panic - not syncing: Fatal exception in interrupt [ 23.558181][ T305] Kernel Offset: disabled [ 23.562591][ T305] Rebooting in 86400 seconds..