./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3237522667
<...>
[ 2.960498][ T99] udevd[99]: starting version 3.2.11
[ 2.980902][ T100] udevd[100]: starting eudev-3.2.11
[ 3.087133][ T101] udevadm (101) used greatest stack depth: 23120 bytes left
[ 6.533558][ T112] udevd (112) used greatest stack depth: 21328 bytes left
[ 12.793761][ T30] kauditd_printk_skb: 50 callbacks suppressed
[ 12.793770][ T30] audit: type=1400 audit(1702829848.296:61): avc: denied { transition } for pid=226 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 12.797791][ T30] audit: type=1400 audit(1702829848.306:62): avc: denied { noatsecure } for pid=226 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 12.800341][ T30] audit: type=1400 audit(1702829848.306:63): avc: denied { write } for pid=226 comm="sh" path="pipe:[12399]" dev="pipefs" ino=12399 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 12.803542][ T30] audit: type=1400 audit(1702829848.306:64): avc: denied { rlimitinh } for pid=226 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 12.806369][ T30] audit: type=1400 audit(1702829848.306:65): avc: denied { siginh } for pid=226 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.10.26' (ED25519) to the list of known hosts.
execve("./syz-executor3237522667", ["./syz-executor3237522667"], 0x7ffceb15a990 /* 10 vars */) = 0
brk(NULL) = 0x555557089000
brk(0x555557089d00) = 0x555557089d00
arch_prctl(ARCH_SET_FS, 0x555557089380) = 0
set_tid_address(0x555557089650) = 295
set_robust_list(0x555557089660, 24) = 0
rseq(0x555557089ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3237522667", 4096) = 28
getrandom("\x3d\x97\x1b\x5f\x24\x17\x61\x72", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555557089d00
brk(0x5555570aad00) = 0x5555570aad00
brk(0x5555570ab000) = 0x5555570ab000
mprotect(0x7f8ad77c1000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
[ 20.993480][ T30] audit: type=1400 audit(1702829856.496:66): avc: denied { execmem } for pid=295 comm="syz-executor323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 20.997791][ T30] audit: type=1400 audit(1702829856.506:67): avc: denied { prog_load } for pid=295 comm="syz-executor323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 21.000639][ T30] audit: type=1400 audit(1702829856.506:68): avc: denied { bpf } for pid=295 comm="syz-executor323" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 21.003492][ T30] audit: type=1400 audit(1702829856.506:69): avc: denied { perfmon } for pid=295 comm="syz-executor323" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 21.120726][ T295] ================================================================================
[ 21.129848][ T295] UBSAN: shift-out-of-bounds in kernel/bpf/verifier.c:7979:63
[ 21.137206][ T295] shift exponent 1073741824 is too large for 32-bit type 's32' (aka 'int')
[ 21.145529][ T295] CPU: 1 PID: 295 Comm: syz-executor323 Not tainted 5.15.139-syzkaller-00529-g05ef4ccb5774 #0
[ 21.155599][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 21.165487][ T295] Call Trace:
[ 21.168613][ T295] <TASK>
[ 21.171391][ T295] dump_stack_lvl+0x151/0x1b7
[ 21.175902][ T295] ? io_uring_drop_tctx_refs+0x190/0x190
[ 21.181367][ T295] ? stack_trace_snprint+0xf0/0xf0
[ 21.186314][ T295] dump_stack+0x15/0x17
[ 21.190311][ T295] __ubsan_handle_shift_out_of_bounds+0x3bf/0x420
[ 21.196558][ T295] scalar32_min_max_arsh+0x622/0x6c0
[ 21.201677][ T295] ? adjust_reg_min_max_vals+0x7b6/0x6360
[ 21.207233][ T295] adjust_reg_min_max_vals+0x3d1d/0x6360
[ 21.212704][ T295] ? reg_bounds_sync+0xf90/0xf90
[ 21.217476][ T295] ? check_stack_access_within_bounds+0x670/0x670
[ 21.223726][ T295] ? check_reg_arg+0x42a/0x820
[ 21.228323][ T295] do_check+0x94d9/0xf2c0
[ 21.232493][ T295] ? mark_reg_unknown+0x600/0x600
[ 21.237351][ T295] ? mark_reg_not_init+0x93/0x670
[ 21.242213][ T295] ? memcpy+0x56/0x70
[ 21.246029][ T295] ? btf_check_subprog_arg_match+0x181/0x2f0
[ 21.251846][ T295] do_check_common+0x909/0x1290
[ 21.256535][ T295] bpf_check+0x3835/0x12bf0
[ 21.260874][ T295] ? is_bpf_text_address+0x172/0x190
[ 21.265996][ T295] ? stack_trace_save+0x1c0/0x1c0
[ 21.270853][ T295] ? __kernel_text_address+0x9b/0x110
[ 21.276061][ T295] ? unwind_get_return_address+0x4d/0x90
[ 21.281528][ T295] ? bpf_get_btf_vmlinux+0x60/0x60
[ 21.286477][ T295] ? __kasan_check_write+0x14/0x20
[ 21.291424][ T295] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 21.296717][ T295] ? _raw_spin_lock+0x1b0/0x1b0
[ 21.301404][ T295] ? stack_trace_save+0x113/0x1c0
[ 21.306265][ T295] ? stack_trace_snprint+0xf0/0xf0
[ 21.311211][ T295] ? stack_trace_snprint+0xf0/0xf0
[ 21.316161][ T295] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 21.321799][ T295] ? __stack_depot_save+0x40d/0x470
[ 21.326835][ T295] ? ____kasan_kmalloc+0xed/0x110
[ 21.331698][ T295] ? ____kasan_kmalloc+0xdb/0x110
[ 21.336557][ T295] ? __kasan_kmalloc+0x9/0x10
[ 21.341069][ T295] ? kmem_cache_alloc_trace+0x115/0x210
[ 21.346450][ T295] ? selinux_bpf_prog_alloc+0x51/0x140
[ 21.351745][ T295] ? security_bpf_prog_alloc+0x62/0x90
[ 21.357038][ T295] ? bpf_prog_load+0x9ee/0x1b50
[ 21.361727][ T295] ? __sys_bpf+0x4bc/0x760
[ 21.365978][ T295] ? __x64_sys_bpf+0x7c/0x90
[ 21.370405][ T295] ? do_syscall_64+0x3d/0xb0
[ 21.374833][ T295] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 21.380740][ T295] ? __kasan_kmalloc+0x9/0x10
[ 21.385248][ T295] ? memset+0x35/0x40
[ 21.389067][ T295] ? bpf_obj_name_cpy+0x196/0x1e0
[ 21.393927][ T295] bpf_prog_load+0x12ac/0x1b50
[ 21.398529][ T295] ? map_freeze+0x370/0x370
[ 21.402870][ T295] ? selinux_bpf+0xcb/0x100
[ 21.407212][ T295] ? security_bpf+0x82/0xb0
[ 21.411547][ T295] __sys_bpf+0x4bc/0x760
[ 21.415629][ T295] ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 21.420833][ T295] ? ptrace_notify+0x24c/0x350
[ 21.425437][ T295] __x64_sys_bpf+0x7c/0x90
[ 21.429686][ T295] do_syscall_64+0x3d/0xb0
[ 21.433941][ T295] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 21.439667][ T295] RIP: 0033:0x7f8ad774e3e9
[ 21.443922][ T295] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 21.463363][ T295] RSP: 002b:00007ffcad20df38 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 21.471609][ T295] RAX: ffffffffffffffda RBX: 00007ffcad20e118 RCX: 00007f8ad774e3e9
[ 21.479419][ T295] RDX: 0000000000000048 RSI: 00000000200054c0 RDI: 0000000000000005
[ 21.487233][ T295] RBP: 00007f8ad77c1610 R08: 0000000000000000 R09: 0000000000000000
[ 21.495043][ T295] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[ 21.502853][ T295] R13: 00007ffcad20e108 R14: 0000000000000001 R15: 0000000000000001
[ 21.510670][ T295] </TASK>
[ 21.513688][ T295] ================================================================================
[ 21.522799][ T295] ================================================================================
[ 21.531913][ T295] UBSAN: shift-out-of-bounds in kernel/bpf/verifier.c:7980:63
[ 21.539189][ T295] shift exponent 1073741824 is too large for 32-bit type 's32' (aka 'int')
[ 21.547599][ T295] CPU: 1 PID: 295 Comm: syz-executor323 Not tainted 5.15.139-syzkaller-00529-g05ef4ccb5774 #0
[ 21.557653][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 21.567544][ T295] Call Trace:
[ 21.570668][ T295] <TASK>
[ 21.573448][ T295] dump_stack_lvl+0x151/0x1b7
[ 21.577959][ T295] ? io_uring_drop_tctx_refs+0x190/0x190
[ 21.583426][ T295] ? stack_trace_snprint+0xf0/0xf0
[ 21.588377][ T295] dump_stack+0x15/0x17
[ 21.592368][ T295] __ubsan_handle_shift_out_of_bounds+0x3bf/0x420
[ 21.598617][ T295] scalar32_min_max_arsh+0x676/0x6c0
[ 21.603736][ T295] ? adjust_reg_min_max_vals+0x7b6/0x6360
[ 21.609292][ T295] adjust_reg_min_max_vals+0x3d1d/0x6360
[ 21.614761][ T295] ? reg_bounds_sync+0xf90/0xf90
[ 21.619534][ T295] ? check_stack_access_within_bounds+0x670/0x670
[ 21.625785][ T295] ? check_reg_arg+0x42a/0x820
[ 21.630383][ T295] do_check+0x94d9/0xf2c0
[ 21.634552][ T295] ? mark_reg_unknown+0x600/0x600
[ 21.639408][ T295] ? mark_reg_not_init+0x93/0x670
[ 21.644276][ T295] ? memcpy+0x56/0x70
[ 21.648088][ T295] ? btf_check_subprog_arg_match+0x181/0x2f0
[ 21.653903][ T295] do_check_common+0x909/0x1290
[ 21.658595][ T295] bpf_check+0x3835/0x12bf0
[ 21.662933][ T295] ? is_bpf_text_address+0x172/0x190
[ 21.668053][ T295] ? stack_trace_save+0x1c0/0x1c0
[ 21.672912][ T295] ? __kernel_text_address+0x9b/0x110
[ 21.678120][ T295] ? unwind_get_return_address+0x4d/0x90
[ 21.683588][ T295] ? bpf_get_btf_vmlinux+0x60/0x60
[ 21.688535][ T295] ? __kasan_check_write+0x14/0x20
[ 21.693481][ T295] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 21.698778][ T295] ? _raw_spin_lock+0x1b0/0x1b0
[ 21.703461][ T295] ? stack_trace_save+0x113/0x1c0
[ 21.708322][ T295] ? stack_trace_snprint+0xf0/0xf0
[ 21.713271][ T295] ? stack_trace_snprint+0xf0/0xf0
[ 21.718219][ T295] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 21.723887][ T295] ? __stack_depot_save+0x40d/0x470
[ 21.728896][ T295] ? ____kasan_kmalloc+0xed/0x110
[ 21.733759][ T295] ? ____kasan_kmalloc+0xdb/0x110
[ 21.738614][ T295] ? __kasan_kmalloc+0x9/0x10
[ 21.743127][ T295] ? kmem_cache_alloc_trace+0x115/0x210
[ 21.748524][ T295] ? selinux_bpf_prog_alloc+0x51/0x140
[ 21.753804][ T295] ? security_bpf_prog_alloc+0x62/0x90
[ 21.759098][ T295] ? bpf_prog_load+0x9ee/0x1b50
[ 21.763785][ T295] ? __sys_bpf+0x4bc/0x760
[ 21.768038][ T295] ? __x64_sys_bpf+0x7c/0x90
[ 21.772464][ T295] ? do_syscall_64+0x3d/0xb0
[ 21.776892][ T295] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 21.782796][ T295] ? __kasan_kmalloc+0x9/0x10
[ 21.787307][ T295] ? memset+0x35/0x40
[ 21.791124][ T295] ? bpf_obj_name_cpy+0x196/0x1e0
[ 21.795985][ T295] bpf_prog_load+0x12ac/0x1b50
[ 21.800586][ T295] ? map_freeze+0x370/0x370
[ 21.804926][ T295] ? selinux_bpf+0xcb/0x100
[ 21.809266][ T295] ? security_bpf+0x82/0xb0
[ 21.813606][ T295] __sys_bpf+0x4bc/0x760
[ 21.817691][ T295] ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 21.822892][ T295] ? ptrace_notify+0x24c/0x350
[ 21.827495][ T295] __x64_sys_bpf+0x7c/0x90
[ 21.831832][ T295] do_syscall_64+0x3d/0xb0
[ 21.836085][ T295] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 21.841813][ T295] RIP: 0033:0x7f8ad774e3e9
[ 21.846066][ T295] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 21.865509][ T295] RSP: 002b:00007ffcad20df38 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 21.873754][ T295] RAX: ffffffffffffffda RBX: 00007ffcad20e118 RCX: 00007f8ad774e3e9
[ 21.881566][ T295] RDX: 0000000000000048 RSI: 00000000200054c0 RDI: 0000000000000005
[ 21.889386][ T295] RBP: 00007f8ad77c1610 R08: 0000000000000000 R09: 0000000000000000
[ 21.897190][ T295] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[ 21.904999][ T295] R13: 00007ffcad20e108 R14: 0000000000000001 R15: 0000000000000001
[ 21.912812][ T295] </TASK>
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_KPROBE, insn_cnt=22, insns=0x20000140, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 3
exit_group(0) = ?
+++ exited with 0 +++
[ 21.915744][ T295] ================================================================================