[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.67' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 82.657541][ T37] audit: type=1400 audit(1616902527.633:8): avc: denied { execmem } for pid=8388 comm="syz-executor895" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 82.884626][ T8388] ================================================================================ [ 82.894668][ T8388] UBSAN: shift-out-of-bounds in kernel/bpf/core.c:1421:2 [ 82.901696][ T8388] shift exponent 248 is too large for 32-bit type 'unsigned int' [ 82.909426][ T8388] CPU: 1 PID: 8388 Comm: syz-executor895 Not tainted 5.12.0-rc4-syzkaller #0 [ 82.918177][ T8388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.928499][ T8388] Call Trace: [ 82.931771][ T8388] dump_stack+0x141/0x1d7 [ 82.936109][ T8388] ubsan_epilogue+0xb/0x5a [ 82.940536][ T8388] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 [ 82.947320][ T8388] ? __bfs+0x720/0x720 [ 82.951402][ T8388] ? __free_zapped_classes+0x300/0x300 [ 82.956869][ T8388] ___bpf_prog_run.cold+0x20f/0x56c [ 82.962092][ T8388] __bpf_prog_run480+0x99/0xe0 [ 82.966855][ T8388] ? __bpf_prog_run512+0xe0/0xe0 [ 82.971806][ T8388] ? __bfs+0x298/0x720 [ 82.975864][ T8388] ? __lock_acquire+0xb43/0x54c0 [ 82.980907][ T8388] ? check_path.constprop.0+0x24/0x50 [ 82.986288][ T8388] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 82.992281][ T8388] ? lock_release+0x720/0x720 [ 82.996956][ T8388] ? lockdep_unlock+0x11c/0x290 [ 83.002250][ T8388] ? __lock_acquire+0x2506/0x54c0 [ 83.007268][ T8388] bpf_trace_run2+0x12f/0x390 [ 83.011937][ T8388] ? __bpf_trace_bpf_trace_printk+0xc0/0xc0 [ 83.017822][ T8388] __bpf_trace_tlb_flush+0xbd/0x100 [ 83.023020][ T8388] ? trace_raw_output_tlb_flush+0x120/0x120 [ 83.028924][ T8388] ? trace_tlb_flush+0x47/0x1c0 [ 83.033794][ T8388] trace_tlb_flush+0xe0/0x1c0 [ 83.038460][ T8388] switch_mm_irqs_off+0x48b/0x970 [ 83.043483][ T8388] ? kasan_check_range+0x13d/0x180 [ 83.048606][ T8388] ? trace_tlb_flush+0x4/0x1c0 [ 83.053670][ T8388] __text_poke+0x541/0x8c0 [ 83.058098][ T8388] ? text_poke_loc_init+0x3d0/0x3d0 [ 83.063303][ T8388] ? trace_tlb_flush+0x4/0x1c0 [ 83.068090][ T8388] ? trace_tlb_flush+0x4/0x1c0 [ 83.072860][ T8388] text_poke_bp_batch+0x187/0x550 [ 83.077878][ T8388] ? mutex_lock_io_nested+0xf70/0xf70 [ 83.083242][ T8388] ? alternatives_enable_smp+0xf0/0xf0 [ 83.088691][ T8388] ? mutex_lock_io_nested+0xf70/0xf70 [ 83.094487][ T8388] ? arch_jump_label_transform_queue+0x9f/0xf0 [ 83.100647][ T8388] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 83.107446][ T8388] ? __jump_label_update+0x351/0x400 [ 83.112737][ T8388] text_poke_finish+0x16/0x30 [ 83.117493][ T8388] arch_jump_label_transform_apply+0x13/0x20 [ 83.123479][ T8388] jump_label_update+0x1da/0x400 [ 83.128438][ T8388] static_key_enable_cpuslocked+0x1b1/0x260 [ 83.134322][ T8388] static_key_enable+0x16/0x20 [ 83.139071][ T8388] tracepoint_add_func+0x707/0xa90 [ 83.144188][ T8388] ? trace_raw_output_tlb_flush+0x120/0x120 [ 83.150079][ T8388] tracepoint_probe_register+0x9c/0xe0 [ 83.155713][ T8388] ? tracepoint_probe_register_prio+0xe0/0xe0 [ 83.161811][ T8388] ? trace_raw_output_tlb_flush+0x120/0x120 [ 83.168514][ T8388] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 83.174777][ T8388] ? anon_inode_getfile+0x14e/0x1e0 [ 83.179966][ T8388] bpf_probe_register+0x15a/0x1c0 [ 83.184987][ T8388] bpf_raw_tracepoint_open+0x34a/0x720 [ 83.190440][ T8388] ? bpf_tracing_prog_attach+0x9a0/0x9a0 [ 83.196069][ T8388] ? __might_fault+0xd3/0x180 [ 83.200753][ T8388] ? __sanitizer_cov_trace_switch+0x63/0xf0 [ 83.206656][ T8388] ? selinux_bpf+0xe7/0x120 [ 83.211317][ T8388] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 83.217554][ T8388] __do_sys_bpf+0x2586/0x4f40 [ 83.222231][ T8388] ? bpf_link_get_from_fd+0x110/0x110 [ 83.227606][ T8388] ? find_held_lock+0x2d/0x110 [ 83.232356][ T8388] ? __context_tracking_exit+0xb8/0xe0 [ 83.237804][ T8388] ? lock_downgrade+0x6e0/0x6e0 [ 83.242645][ T8388] ? syscall_enter_from_user_mode+0x27/0x70 [ 83.248529][ T8388] do_syscall_64+0x2d/0x70 [ 83.252952][ T8388] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 83.258843][ T8388] RIP: 0033:0x43f009 [ 83.262726][ T8388] Code: Unable to access opcode bytes at RIP 0x43efdf. [ 83.269567][ T8388] RSP: 002b:00007ffc64740b68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 83.277992][ T8388] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f009 [ 83.285952][ T8388] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000011 [ 83.293917][ T8388] RBP: 0000000000402ff0 R08: 0000000000000000 R09: 0000000000400488 [ 83.301883][ T8388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403080 [ 83.309864][ T8388] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488 [ 83.317841][ T8388] ================================================================================ [ 83.327108][ T8388] Kernel panic - not syncing: panic_on_warn set ... [ 83.333686][ T8388] CPU: 1 PID: 8388 Comm: syz-executor895 Not tainted 5.12.0-rc4-syzkaller #0 [ 83.342430][ T8388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 83.352610][ T8388] Call Trace: [ 83.355886][ T8388] dump_stack+0x141/0x1d7 [ 83.360206][ T8388] panic+0x306/0x73d [ 83.364090][ T8388] ? __warn_printk+0xf3/0xf3 [ 83.368667][ T8388] ? ubsan_epilogue+0x3e/0x5a [ 83.373440][ T8388] ubsan_epilogue+0x54/0x5a [ 83.377943][ T8388] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 [ 83.384724][ T8388] ? __bfs+0x720/0x720 [ 83.388824][ T8388] ? __free_zapped_classes+0x300/0x300 [ 83.394274][ T8388] ___bpf_prog_run.cold+0x20f/0x56c [ 83.399461][ T8388] __bpf_prog_run480+0x99/0xe0 [ 83.404223][ T8388] ? __bpf_prog_run512+0xe0/0xe0 [ 83.409155][ T8388] ? __bfs+0x298/0x720 [ 83.413214][ T8388] ? __lock_acquire+0xb43/0x54c0 [ 83.418141][ T8388] ? check_path.constprop.0+0x24/0x50 [ 83.423502][ T8388] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 83.429559][ T8388] ? lock_release+0x720/0x720 [ 83.434225][ T8388] ? lockdep_unlock+0x11c/0x290 [ 83.439062][ T8388] ? __lock_acquire+0x2506/0x54c0 [ 83.444110][ T8388] bpf_trace_run2+0x12f/0x390 [ 83.448793][ T8388] ? __bpf_trace_bpf_trace_printk+0xc0/0xc0 [ 83.454673][ T8388] __bpf_trace_tlb_flush+0xbd/0x100 [ 83.459869][ T8388] ? trace_raw_output_tlb_flush+0x120/0x120 [ 83.465806][ T8388] ? trace_tlb_flush+0x47/0x1c0 [ 83.470677][ T8388] trace_tlb_flush+0xe0/0x1c0 [ 83.475350][ T8388] switch_mm_irqs_off+0x48b/0x970 [ 83.480391][ T8388] ? kasan_check_range+0x13d/0x180 [ 83.485500][ T8388] ? trace_tlb_flush+0x4/0x1c0 [ 83.490261][ T8388] __text_poke+0x541/0x8c0 [ 83.494672][ T8388] ? text_poke_loc_init+0x3d0/0x3d0 [ 83.499885][ T8388] ? trace_tlb_flush+0x4/0x1c0 [ 83.504653][ T8388] ? trace_tlb_flush+0x4/0x1c0 [ 83.509581][ T8388] text_poke_bp_batch+0x187/0x550 [ 83.514600][ T8388] ? mutex_lock_io_nested+0xf70/0xf70 [ 83.519959][ T8388] ? alternatives_enable_smp+0xf0/0xf0 [ 83.525413][ T8388] ? mutex_lock_io_nested+0xf70/0xf70 [ 83.530790][ T8388] ? arch_jump_label_transform_queue+0x9f/0xf0 [ 83.536948][ T8388] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 83.543380][ T8388] ? __jump_label_update+0x351/0x400 [ 83.548666][ T8388] text_poke_finish+0x16/0x30 [ 83.553337][ T8388] arch_jump_label_transform_apply+0x13/0x20 [ 83.559306][ T8388] jump_label_update+0x1da/0x400 [ 83.564689][ T8388] static_key_enable_cpuslocked+0x1b1/0x260 [ 83.570573][ T8388] static_key_enable+0x16/0x20 [ 83.575324][ T8388] tracepoint_add_func+0x707/0xa90 [ 83.580439][ T8388] ? trace_raw_output_tlb_flush+0x120/0x120 [ 83.586341][ T8388] tracepoint_probe_register+0x9c/0xe0 [ 83.591801][ T8388] ? tracepoint_probe_register_prio+0xe0/0xe0 [ 83.598318][ T8388] ? trace_raw_output_tlb_flush+0x120/0x120 [ 83.604983][ T8388] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 83.611230][ T8388] ? anon_inode_getfile+0x14e/0x1e0 [ 83.616422][ T8388] bpf_probe_register+0x15a/0x1c0 [ 83.621488][ T8388] bpf_raw_tracepoint_open+0x34a/0x720 [ 83.626959][ T8388] ? bpf_tracing_prog_attach+0x9a0/0x9a0 [ 83.632587][ T8388] ? __might_fault+0xd3/0x180 [ 83.637269][ T8388] ? __sanitizer_cov_trace_switch+0x63/0xf0 [ 83.643152][ T8388] ? selinux_bpf+0xe7/0x120 [ 83.647672][ T8388] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 83.653917][ T8388] __do_sys_bpf+0x2586/0x4f40 [ 83.658591][ T8388] ? bpf_link_get_from_fd+0x110/0x110 [ 83.663960][ T8388] ? find_held_lock+0x2d/0x110 [ 83.668725][ T8388] ? __context_tracking_exit+0xb8/0xe0 [ 83.674199][ T8388] ? lock_downgrade+0x6e0/0x6e0 [ 83.679087][ T8388] ? syscall_enter_from_user_mode+0x27/0x70 [ 83.684995][ T8388] do_syscall_64+0x2d/0x70 [ 83.689427][ T8388] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 83.695369][ T8388] RIP: 0033:0x43f009 [ 83.699258][ T8388] Code: Unable to access opcode bytes at RIP 0x43efdf. [ 83.706102][ T8388] RSP: 002b:00007ffc64740b68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 83.714533][ T8388] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f009 [ 83.722508][ T8388] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000011 [ 83.730750][ T8388] RBP: 0000000000402ff0 R08: 0000000000000000 R09: 0000000000400488 [ 83.738722][ T8388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403080 [ 83.746714][ T8388] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488 [ 83.755615][ T8388] Kernel Offset: disabled [ 83.760336][ T8388] Rebooting in 86400 seconds..