./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor67491391 <...> pipe:[6669]" dev="pipefs" ino=6669 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 11.677165][ T28] audit: type=1400 audit(1710796812.141:64): avc: denied { rlimitinh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.680327][ T28] audit: type=1400 audit(1710796812.141:65): avc: denied { siginh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.891201][ T229] sftp-server (229) used greatest stack depth: 22448 bytes left Warning: Permanently added '10.128.1.175' (ED25519) to the list of known hosts. execve("./syz-executor67491391", ["./syz-executor67491391"], 0x7ffcfb0ef720 /* 10 vars */) = 0 brk(NULL) = 0x555556003000 brk(0x555556003d00) = 0x555556003d00 arch_prctl(ARCH_SET_FS, 0x555556003380) = 0 set_tid_address(0x555556003650) = 294 set_robust_list(0x555556003660, 24) = 0 rseq(0x555556003ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor67491391", 4096) = 26 getrandom("\x40\x55\xfe\x68\x7e\x52\x1b\x15", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556003d00 brk(0x555556024d00) = 0x555556024d00 brk(0x555556025000) = 0x555556025000 mprotect(0x7f4a481fc000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=2147483649, max_entries=255, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [ 20.178312][ T28] audit: type=1400 audit(1710796820.651:66): avc: denied { execmem } for pid=294 comm="syz-executor674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.182400][ T28] audit: type=1400 audit(1710796820.651:67): avc: denied { bpf } for pid=294 comm="syz-executor674" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 20.183138][ T294] ================================================================================ [ 20.185192][ T28] audit: type=1400 audit(1710796820.651:68): avc: denied { map_create } for pid=294 comm="syz-executor674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 20.186397][ T294] UBSAN: array-index-out-of-bounds in kernel/bpf/verifier.c:5393:12 [ 20.189367][ T28] audit: type=1400 audit(1710796820.651:69): avc: denied { map_read map_write } for pid=294 comm="syz-executor674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 20.190190][ T294] index -1 is out of range for type 'u8[8]' (aka 'unsigned char[8]') [ 20.192799][ T28] audit: type=1400 audit(1710796820.651:70): avc: denied { prog_load } for pid=294 comm="syz-executor674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 20.193901][ T294] CPU: 0 PID: 294 Comm: syz-executor674 Not tainted 6.1.68-syzkaller-00062-g4292d259032a #0 [ 20.196413][ T28] audit: type=1400 audit(1710796820.651:71): avc: denied { perfmon } for pid=294 comm="syz-executor674" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 20.197763][ T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 20.197772][ T294] Call Trace: [ 20.197776][ T294] [ 20.197781][ T294] dump_stack_lvl+0x151/0x1b7 [ 20.197817][ T294] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 20.240294][ T294] dump_stack+0x15/0x1b [ 20.244282][ T294] __ubsan_handle_out_of_bounds+0x13a/0x160 [ 20.250009][ T294] check_stack_range_initialized+0x1349/0x1770 [ 20.255997][ T294] ? check_buffer_access+0x300/0x300 [ 20.261119][ T294] ? check_reg_sane_offset+0x240/0x240 [ 20.266412][ T294] ? sanitize_check_bounds+0xd4/0x370 [ 20.271643][ T294] check_helper_mem_access+0x4c3/0xf80 [ 20.276915][ T294] ? __check_ptr_off_reg+0x2fb/0x3d0 [ 20.282037][ T294] ? check_mem_reg+0x650/0x650 [ 20.287187][ T294] ? check_ptr_off_reg+0x30/0x30 [ 20.291947][ T294] ? mark_reg_read+0x1fe/0x390 [ 20.296550][ T294] ? check_reg_arg+0x5ef/0x840 [ 20.301132][ T294] ? check_func_arg_reg_off+0x1f8/0x270 [ 20.306568][ T294] check_helper_call+0x2fcf/0x6cd0 [ 20.311469][ T294] ? check_kfunc_call+0x1630/0x1630 [ 20.316507][ T294] ? memset+0x35/0x40 [ 20.320313][ T294] ? tnum_const+0xd/0x20 [ 20.324390][ T294] do_check+0x78b7/0xe040 [ 20.328560][ T294] ? kasan_set_track+0x4b/0x70 [ 20.333163][ T294] ? kasan_save_alloc_info+0x1f/0x30 [ 20.338292][ T294] ? __x64_sys_bpf+0x7c/0x90 [ 20.342735][ T294] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 20.348701][ T294] ? init_func_state+0x3c0/0x3c0 [ 20.353468][ T294] ? memset+0x35/0x40 [ 20.357286][ T294] ? btf_check_subprog_arg_match+0x182/0x300 [ 20.363100][ T294] do_check_common+0x6ce/0xed0 [ 20.367707][ T294] bpf_check+0x673b/0x16560 [ 20.372044][ T294] ? stack_depot_save+0x13/0x20 [ 20.376760][ T294] ? __kasan_check_write+0x14/0x20 [ 20.381676][ T294] ? __set_page_owner_handle+0x38a/0x3d0 [ 20.387147][ T294] ? page_ext_put+0x1c/0x30 [ 20.391482][ T294] ? __set_page_owner+0x53/0x70 [ 20.396169][ T294] ? post_alloc_hook+0x213/0x220 [ 20.401693][ T294] ? prep_new_page+0x1b/0x110 [ 20.406126][ T294] ? get_page_from_freelist+0x27ea/0x2870 [ 20.411662][ T294] ? unwind_get_return_address+0x4d/0x90 [ 20.417216][ T294] ? __kasan_check_write+0x14/0x20 [ 20.422166][ T294] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 20.427463][ T294] ? bpf_get_btf_vmlinux+0x60/0x60 [ 20.432409][ T294] ? is_bpf_text_address+0x172/0x190 [ 20.437574][ T294] ? is_module_text_address+0x290/0x360 [ 20.442906][ T294] ? stack_trace_save+0x1c0/0x1c0 [ 20.447766][ T294] ? kernel_text_address+0xa9/0xe0 [ 20.452712][ T294] ? __kernel_text_address+0xd/0x40 [ 20.457747][ T294] ? unwind_get_return_address+0x4d/0x90 [ 20.463216][ T294] ? __kasan_check_write+0x14/0x20 [ 20.468164][ T294] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 20.473456][ T294] ? _raw_spin_lock+0x1b0/0x1b0 [ 20.478435][ T294] ? stack_trace_save+0x113/0x1c0 [ 20.483369][ T294] ? stack_trace_snprint+0xf0/0xf0 [ 20.488248][ T294] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 20.493886][ T294] ? __stack_depot_save+0x419/0x480 [ 20.498919][ T294] ? selinux_bpf_prog_alloc+0x51/0x140 [ 20.504213][ T294] ? kasan_set_track+0x60/0x70 [ 20.508815][ T294] ? kasan_set_track+0x4b/0x70 [ 20.513423][ T294] ? kasan_save_alloc_info+0x1f/0x30 [ 20.518534][ T294] ? __kasan_kmalloc+0x9c/0xb0 [ 20.523142][ T294] ? kmalloc_trace+0x44/0xa0 [ 20.527561][ T294] ? selinux_bpf_prog_alloc+0x51/0x140 [ 20.532976][ T294] ? security_bpf_prog_alloc+0x62/0x90 [ 20.538258][ T294] ? bpf_prog_load+0xa6a/0x1bf0 [ 20.542944][ T294] ? __sys_bpf+0x52c/0x7f0 [ 20.547198][ T294] ? __x64_sys_bpf+0x7c/0x90 [ 20.551622][ T294] ? do_syscall_64+0x3d/0xb0 [ 20.556052][ T294] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 20.561960][ T294] ? __kasan_check_write+0x14/0x20 [ 20.566900][ T294] ? _raw_spin_lock+0xa4/0x1b0 [ 20.571502][ T294] ? _raw_spin_trylock_bh+0x190/0x190 [ 20.576708][ T294] ? _raw_spin_unlock+0x4c/0x70 [ 20.581394][ T294] ? memset+0x35/0x40 [ 20.585215][ T294] ? bpf_obj_name_cpy+0x196/0x1e0 [ 20.590075][ T294] bpf_prog_load+0x1304/0x1bf0 [ 20.594767][ T294] ? map_freeze+0x3a0/0x3a0 [ 20.599105][ T294] ? selinux_bpf+0xcb/0x100 [ 20.603439][ T294] ? security_bpf+0x82/0xb0 [ 20.607779][ T294] __sys_bpf+0x52c/0x7f0 [ 20.611880][ T294] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 20.617079][ T294] ? __kasan_check_write+0x14/0x20 [ 20.622014][ T294] ? fpregs_restore_userregs+0x130/0x290 [ 20.627491][ T294] __x64_sys_bpf+0x7c/0x90 [ 20.631747][ T294] do_syscall_64+0x3d/0xb0 [ 20.635997][ T294] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 20.641722][ T294] RIP: 0033:0x7f4a48189629 [ 20.645973][ T294] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 20.665586][ T294] RSP: 002b:00007ffee168eab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_KPROBE, insn_cnt=12, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EACCES (Permission denied) exit_group(0) = ? +++ exited with 0 +++ [ 20.673917][ T294] RAX: ffffffffffffffda RBX: 00007ffee168ec88 RCX: 0000