u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 33.996347][ T28] audit: type=1400 audit(1704433404.340:155): avc: denied { siginh } for pid=321 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.241' (ED25519) to the list of known hosts. 2024/01/05 05:43:32 ignoring optional flag "sandboxArg"="0" 2024/01/05 05:43:32 parsed 1 programs [ 41.829064][ T28] audit: type=1400 audit(1704433412.240:156): avc: denied { mounton } for pid=343 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 41.855337][ T28] audit: type=1400 audit(1704433412.240:157): avc: denied { mount } for pid=343 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 41.888648][ T28] audit: type=1400 audit(1704433412.300:158): avc: denied { unlink } for pid=343 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" 2024/01/05 05:43:32 executed programs: 0 [ 41.960459][ T343] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 42.018999][ T348] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.026393][ T348] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.034186][ T348] device bridge_slave_0 entered promiscuous mode [ 42.040948][ T348] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.047800][ T348] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.055259][ T348] device bridge_slave_1 entered promiscuous mode [ 42.099471][ T28] audit: type=1400 audit(1704433412.510:159): avc: denied { write } for pid=348 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 42.105450][ T348] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.120322][ T28] audit: type=1400 audit(1704433412.510:160): avc: denied { read } for pid=348 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 42.127372][ T348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.127494][ T348] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.162916][ T348] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.183438][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.190779][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.198031][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.205246][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.214091][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.222269][ T299] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.229129][ T299] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.248512][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.256618][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.265245][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.272345][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.279605][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.288150][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.300373][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.308392][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.315781][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.324222][ T348] device veth0_vlan entered promiscuous mode [ 42.335651][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.345885][ T348] device veth1_macvtap entered promiscuous mode [ 42.357849][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.366166][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.380794][ T28] audit: type=1400 audit(1704433412.790:161): avc: denied { mounton } for pid=348 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=370 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 42.413088][ T28] audit: type=1400 audit(1704433412.820:162): avc: denied { bpf } for pid=352 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 42.437147][ T354] ================================================================================ [ 42.439410][ T28] audit: type=1400 audit(1704433412.820:163): avc: denied { prog_load } for pid=352 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 42.446397][ T354] UBSAN: shift-out-of-bounds in kernel/bpf/verifier.c:9205:63 [ 42.465948][ T28] audit: type=1400 audit(1704433412.820:164): avc: denied { perfmon } for pid=352 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 42.474223][ T354] shift exponent 1073741824 is too large for 32-bit type 's32' (aka 'int') [ 42.503262][ T354] CPU: 0 PID: 354 Comm: syz-executor.0 Not tainted 6.1.57-syzkaller-1150592-ged9b660cd1ad #0 [ 42.513535][ T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 42.523577][ T354] Call Trace: [ 42.526788][ T354] [ 42.529577][ T354] dump_stack_lvl+0x151/0x1b7 [ 42.534078][ T354] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 42.539375][ T354] ? stack_trace_snprint+0xf0/0xf0 [ 42.544320][ T354] dump_stack+0x15/0x17 [ 42.548402][ T354] __ubsan_handle_shift_out_of_bounds+0x3e1/0x440 [ 42.554675][ T354] scalar32_min_max_arsh+0x622/0x6c0 [ 42.559860][ T354] ? adjust_reg_min_max_vals+0x7b6/0x6360 [ 42.565497][ T354] adjust_reg_min_max_vals+0x3d20/0x6360 [ 42.571073][ T354] ? zext_32_to_64+0x290/0x290 [ 42.575877][ T354] ? find_equal_scalars+0x1a0/0x7c0 [ 42.580903][ T354] ? check_reg_arg+0x436/0x840 [ 42.585869][ T354] do_check+0x8e35/0xdd60 [ 42.590162][ T354] ? init_func_state+0x3c0/0x3c0 [ 42.595103][ T354] ? memset+0x35/0x40 [ 42.598892][ T354] ? btf_check_subprog_arg_match+0x182/0x300 [ 42.604793][ T354] do_check_common+0x6ce/0xed0 [ 42.609393][ T354] bpf_check+0x66e6/0x16500 [ 42.613730][ T354] ? stack_depot_save+0x13/0x20 [ 42.618419][ T354] ? strscpy+0x9c/0x260 [ 42.622495][ T354] ? __kasan_check_write+0x14/0x20 [ 42.627700][ T354] ? __set_page_owner_handle+0x38a/0x3d0 [ 42.633234][ T354] ? page_ext_put+0x1c/0x30 [ 42.637683][ T354] ? __set_page_owner+0x53/0x70 [ 42.642343][ T354] ? prep_new_page+0x1b/0x110 [ 42.647033][ T354] ? get_page_from_freelist+0x27ea/0x2870 [ 42.652967][ T354] ? unwind_get_return_address+0x4d/0x90 [ 42.658546][ T354] ? __kasan_check_write+0x14/0x20 [ 42.663662][ T354] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 42.669247][ T354] ? bpf_get_btf_vmlinux+0x20/0x20 [ 42.674211][ T354] ? is_bpf_text_address+0x172/0x190 [ 42.679393][ T354] ? is_module_text_address+0x1e0/0x360 [ 42.684775][ T354] ? stack_trace_save+0x1c0/0x1c0 [ 42.689717][ T354] ? kernel_text_address+0xa9/0xe0 [ 42.694762][ T354] ? __kernel_text_address+0xd/0x40 [ 42.699966][ T354] ? unwind_get_return_address+0x4d/0x90 [ 42.705434][ T354] ? __kasan_check_write+0x14/0x20 [ 42.711081][ T354] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 42.716708][ T354] ? _raw_spin_lock+0x1b0/0x1b0 [ 42.721616][ T354] ? stack_trace_save+0x113/0x1c0 [ 42.726901][ T354] ? stack_trace_snprint+0xf0/0xf0 [ 42.732006][ T354] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 42.737623][ T354] ? __stack_depot_save+0x419/0x480 [ 42.742653][ T354] ? selinux_bpf_prog_alloc+0x51/0x140 [ 42.747980][ T354] ? kasan_set_track+0x60/0x70 [ 42.752742][ T354] ? kasan_set_track+0x4b/0x70 [ 42.757489][ T354] ? kasan_save_alloc_info+0x1f/0x30 [ 42.762768][ T354] ? __kasan_kmalloc+0x9c/0xb0 [ 42.767453][ T354] ? kmalloc_trace+0x44/0xa0 [ 42.771884][ T354] ? selinux_bpf_prog_alloc+0x51/0x140 [ 42.777263][ T354] ? security_bpf_prog_alloc+0x62/0x90 [ 42.782849][ T354] ? bpf_prog_load+0xa6a/0x1bf0 [ 42.787631][ T354] ? __sys_bpf+0x52c/0x7f0 [ 42.791873][ T354] ? __x64_sys_bpf+0x7c/0x90 [ 42.796413][ T354] ? do_syscall_64+0x3d/0xb0 [ 42.800928][ T354] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.806834][ T354] ? __kasan_check_write+0x14/0x20 [ 42.811779][ T354] ? _raw_spin_lock+0xa4/0x1b0 [ 42.816844][ T354] ? _raw_spin_trylock_bh+0x190/0x190 [ 42.822489][ T354] ? _raw_spin_unlock+0x4c/0x70 [ 42.827547][ T354] ? memset+0x35/0x40 [ 42.831502][ T354] ? bpf_obj_name_cpy+0x196/0x1e0 [ 42.836504][ T354] bpf_prog_load+0x1304/0x1bf0 [ 42.841119][ T354] ? map_freeze+0x3a0/0x3a0 [ 42.845687][ T354] ? selinux_bpf+0xcb/0x100 [ 42.850111][ T354] ? security_bpf+0x82/0xb0 [ 42.854450][ T354] __sys_bpf+0x52c/0x7f0 [ 42.858799][ T354] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 42.864082][ T354] ? __kasan_check_write+0x14/0x20 [ 42.869040][ T354] ? debug_smp_processor_id+0x17/0x20 [ 42.874227][ T354] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 42.880268][ T354] __x64_sys_bpf+0x7c/0x90 [ 42.884777][ T354] do_syscall_64+0x3d/0xb0 [ 42.891800][ T354] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.897526][ T354] RIP: 0033:0x7f693a27cce9 [ 42.901911][ T354] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 42.921933][ T354] RSP: 002b:00007f693b06b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 42.930438][ T354] RAX: ffffffffffffffda RBX: 00007f693a39bf80 RCX: 00007f693a27cce9 [ 42.938241][ T354] RDX: 0000000000000048 RSI: 00000000200054c0 RDI: 0000000000000005 [ 42.946272][ T354] RBP: 00007f693a2c947a R08: 0000000000000000 R09: 0000000000000000 [ 42.954392][ T354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 42.962303][ T354] R13: 000000000000000b R14: 00007f693a39bf80 R15: 00007ffc0a3657d8 [ 42.970268][ T354] [ 42.974487][ T354] ================================================================================ [ 42.983847][ T354] ================================================================================ [ 42.993709][ T354] UBSAN: shift-out-of-bounds in kernel/bpf/verifier.c:9206:63 [ 43.001408][ T354] shift exponent 1073741824 is too large for 32-bit type 's32' (aka 'int') [ 43.010059][ T354] CPU: 0 PID: 354 Comm: syz-executor.0 Not tainted 6.1.57-syzkaller-1150592-ged9b660cd1ad #0 [ 43.020265][ T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 43.030247][ T354] Call Trace: [ 43.033380][ T354] [ 43.036609][ T354] dump_stack_lvl+0x151/0x1b7 [ 43.041182][ T354] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 43.046587][ T354] ? stack_trace_snprint+0xf0/0xf0 [ 43.051715][ T354] dump_stack+0x15/0x17 [ 43.055888][ T354] __ubsan_handle_shift_out_of_bounds+0x3e1/0x440 [ 43.062338][ T354] scalar32_min_max_arsh+0x676/0x6c0 [ 43.067833][ T354] ? adjust_reg_min_max_vals+0x7b6/0x6360 [ 43.073358][ T354] adjust_reg_min_max_vals+0x3d20/0x6360 [ 43.079197][ T354] ? zext_32_to_64+0x290/0x290 [ 43.083880][ T354] ? find_equal_scalars+0x1a0/0x7c0 [ 43.088932][ T354] ? check_reg_arg+0x436/0x840 [ 43.093891][ T354] do_check+0x8e35/0xdd60 [ 43.098171][ T354] ? init_func_state+0x3c0/0x3c0 [ 43.104008][ T354] ? memset+0x35/0x40 [ 43.108091][ T354] ? btf_check_subprog_arg_match+0x182/0x300 [ 43.113964][ T354] do_check_common+0x6ce/0xed0 [ 43.118633][ T354] bpf_check+0x66e6/0x16500 [ 43.122895][ T354] ? stack_depot_save+0x13/0x20 [ 43.127582][ T354] ? strscpy+0x9c/0x260 [ 43.131660][ T354] ? __kasan_check_write+0x14/0x20 [ 43.136696][ T354] ? __set_page_owner_handle+0x38a/0x3d0 [ 43.142163][ T354] ? page_ext_put+0x1c/0x30 [ 43.146502][ T354] ? __set_page_owner+0x53/0x70 [ 43.151283][ T354] ? prep_new_page+0x1b/0x110 [ 43.155800][ T354] ? get_page_from_freelist+0x27ea/0x2870 [ 43.161447][ T354] ? unwind_get_return_address+0x4d/0x90 [ 43.166945][ T354] ? __kasan_check_write+0x14/0x20 [ 43.171858][ T354] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 43.177158][ T354] ? bpf_get_btf_vmlinux+0x20/0x20 [ 43.182186][ T354] ? is_bpf_text_address+0x172/0x190 [ 43.187417][ T354] ? is_module_text_address+0x1e0/0x360 [ 43.192927][ T354] ? stack_trace_save+0x1c0/0x1c0 [ 43.197744][ T354] ? kernel_text_address+0xa9/0xe0 [ 43.202793][ T354] ? __kernel_text_address+0xd/0x40 [ 43.207822][ T354] ? unwind_get_return_address+0x4d/0x90 [ 43.213588][ T354] ? __kasan_check_write+0x14/0x20 [ 43.218584][ T354] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 43.224082][ T354] ? _raw_spin_lock+0x1b0/0x1b0 [ 43.228766][ T354] ? stack_trace_save+0x113/0x1c0 [ 43.233624][ T354] ? stack_trace_snprint+0xf0/0xf0 [ 43.238661][ T354] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 43.244309][ T354] ? __stack_depot_save+0x419/0x480 [ 43.249337][ T354] ? selinux_bpf_prog_alloc+0x51/0x140 [ 43.254719][ T354] ? kasan_set_track+0x60/0x70 [ 43.259493][ T354] ? kasan_set_track+0x4b/0x70 [ 43.264185][ T354] ? kasan_save_alloc_info+0x1f/0x30 [ 43.269409][ T354] ? __kasan_kmalloc+0x9c/0xb0 [ 43.274005][ T354] ? kmalloc_trace+0x44/0xa0 [ 43.278519][ T354] ? selinux_bpf_prog_alloc+0x51/0x140 [ 43.284102][ T354] ? security_bpf_prog_alloc+0x62/0x90 [ 43.289750][ T354] ? bpf_prog_load+0xa6a/0x1bf0 [ 43.294428][ T354] ? __sys_bpf+0x52c/0x7f0 [ 43.298685][ T354] ? __x64_sys_bpf+0x7c/0x90 [ 43.303193][ T354] ? do_syscall_64+0x3d/0xb0 [ 43.307621][ T354] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 43.313712][ T354] ? __kasan_check_write+0x14/0x20 [ 43.318639][ T354] ? _raw_spin_lock+0xa4/0x1b0 [ 43.323243][ T354] ? _raw_spin_trylock_bh+0x190/0x190 [ 43.328450][ T354] ? _raw_spin_unlock+0x4c/0x70 [ 43.333230][ T354] ? memset+0x35/0x40 [ 43.337046][ T354] ? bpf_obj_name_cpy+0x196/0x1e0 [ 43.342154][ T354] bpf_prog_load+0x1304/0x1bf0 [ 43.346801][ T354] ? map_freeze+0x3a0/0x3a0 [ 43.351141][ T354] ? selinux_bpf+0xcb/0x100 [ 43.355593][ T354] ? security_bpf+0x82/0xb0 [ 43.360085][ T354] __sys_bpf+0x52c/0x7f0 [ 43.364637][ T354] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 43.369838][ T354] ? __kasan_check_write+0x14/0x20 [ 43.375330][ T354] ? debug_smp_processor_id+0x17/0x20 [ 43.380558][ T354] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 43.386868][ T354] __x64_sys_bpf+0x7c/0x90 [ 43.391289][ T354] do_syscall_64+0x3d/0xb0 [ 43.395540][ T354] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 43.401275][ T354] RIP: 0033:0x7f693a27cce9 [ 43.406045][ T354] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 43.426560][ T354] RSP: 002b:00007f693b06b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 43.434788][ T354] RAX: ffffffffffffffda RBX: 00007f693a39bf80 RCX: 00007f693a27cce9 [ 43.442593][ T354] RDX: 0000000000000048 RSI: 00000000200054c0 RDI: 0000000000000005 [ 43.450492][ T354] RBP: 00007f693a2c947a R08: 0000000000000000 R09: 0000000000000000 [ 43.458668][ T354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 43.466660][ T354] R13: 000000000000000b R14: 00007f693a39bf80 R15: 00007ffc0a3657d8 [ 43.474921][ T354] [ 43.478760][ T354] ================================================================================ [ 43.538726][ T28] audit: type=1400 audit(1704433413.950:165): avc: denied { prog_run } for pid=356 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 2024/01/05 05:43:37 executed programs: 75 2024/01/05 05:43:42 executed programs: 183