./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2628761134
<...>
Warning: Permanently added '10.128.0.110' (ED25519) to the list of known hosts.
execve("./syz-executor2628761134", ["./syz-executor2628761134"], 0x7ffc76157270 /* 10 vars */) = 0
brk(NULL) = 0x55555617b000
brk(0x55555617bd00) = 0x55555617bd00
arch_prctl(ARCH_SET_FS, 0x55555617b380) = 0
set_tid_address(0x55555617b650) = 295
set_robust_list(0x55555617b660, 24) = 0
rseq(0x55555617bca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2628761134", 4096) = 28
getrandom("\xdb\xb3\x8c\x90\xb3\xb7\xa7\xb7", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555617bd00
brk(0x55555619cd00) = 0x55555619cd00
brk(0x55555619d000) = 0x55555619d000
mprotect(0x7f7ba6086000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
[ 21.893461][ T28] audit: type=1400 audit(1703222801.957:66): avc: denied { execmem } for pid=295 comm="syz-executor262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 21.912465][ T295] ================================================================================
[ 21.912826][ T28] audit: type=1400 audit(1703222801.957:67): avc: denied { bpf } for pid=295 comm="syz-executor262" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 21.921857][ T295] UBSAN: shift-out-of-bounds in kernel/bpf/verifier.c:9205:63
[ 21.944096][ T28] audit: type=1400 audit(1703222801.957:68): avc: denied { prog_load } for pid=295 comm="syz-executor262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 21.951027][ T295] shift exponent 1073741824 is too large for 32-bit type 's32' (aka 'int')
[ 21.970634][ T28] audit: type=1400 audit(1703222801.957:69): avc: denied { perfmon } for pid=295 comm="syz-executor262" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 21.999198][ T295] CPU: 1 PID: 295 Comm: syz-executor262 Not tainted 6.1.57-syzkaller-00064-g30bca9e2785b #0
[ 22.009072][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 22.018975][ T295] Call Trace:
[ 22.022097][ T295] <TASK>
[ 22.024875][ T295] dump_stack_lvl+0x151/0x1b7
[ 22.029470][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 22.034775][ T295] ? stack_trace_snprint+0xf0/0xf0
[ 22.039720][ T295] dump_stack+0x15/0x17
[ 22.043884][ T295] __ubsan_handle_shift_out_of_bounds+0x3e1/0x440
[ 22.050121][ T295] scalar32_min_max_arsh+0x622/0x6c0
[ 22.055240][ T295] ? adjust_reg_min_max_vals+0x7b6/0x6360
[ 22.060882][ T295] adjust_reg_min_max_vals+0x3d20/0x6360
[ 22.066352][ T295] ? zext_32_to_64+0x290/0x290
[ 22.071046][ T295] ? find_equal_scalars+0x1a0/0x7c0
[ 22.076076][ T295] ? check_reg_arg+0x436/0x840
[ 22.080679][ T295] do_check+0x8e35/0xdd60
[ 22.084851][ T295] ? init_func_state+0x3c0/0x3c0
[ 22.089711][ T295] ? memset+0x35/0x40
[ 22.093533][ T295] ? btf_check_subprog_arg_match+0x182/0x300
[ 22.099339][ T295] do_check_common+0x6ce/0xed0
[ 22.103971][ T295] bpf_check+0x673b/0x16560
[ 22.108860][ T295] ? stack_depot_save+0x13/0x20
[ 22.113587][ T295] ? __kasan_check_write+0x14/0x20
[ 22.118521][ T295] ? __set_page_owner_handle+0x38a/0x3d0
[ 22.123995][ T295] ? page_ext_put+0x1c/0x30
[ 22.128327][ T295] ? __set_page_owner+0x53/0x70
[ 22.133015][ T295] ? post_alloc_hook+0x213/0x220
[ 22.137786][ T295] ? prep_new_page+0x1b/0x110
[ 22.142298][ T295] ? get_page_from_freelist+0x27ea/0x2870
[ 22.147854][ T295] ? unwind_get_return_address+0x4d/0x90
[ 22.153321][ T295] ? __kasan_check_write+0x14/0x20
[ 22.158269][ T295] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 22.163568][ T295] ? bpf_get_btf_vmlinux+0x60/0x60
[ 22.168513][ T295] ? is_bpf_text_address+0x172/0x190
[ 22.173628][ T295] ? is_module_text_address+0x200/0x360
[ 22.179010][ T295] ? stack_trace_save+0x1c0/0x1c0
[ 22.183874][ T295] ? kernel_text_address+0xa9/0xe0
[ 22.188819][ T295] ? __kernel_text_address+0xd/0x40
[ 22.193888][ T295] ? unwind_get_return_address+0x4d/0x90
[ 22.199342][ T295] ? __kasan_check_write+0x14/0x20
[ 22.204268][ T295] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 22.209679][ T295] ? _raw_spin_lock+0x1b0/0x1b0
[ 22.214362][ T295] ? stack_trace_save+0x113/0x1c0
[ 22.219226][ T295] ? stack_trace_snprint+0xf0/0xf0
[ 22.224160][ T295] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 22.229802][ T295] ? __stack_depot_save+0x419/0x480
[ 22.234844][ T295] ? selinux_bpf_prog_alloc+0x51/0x140
[ 22.242127][ T295] ? kasan_set_track+0x60/0x70
[ 22.246736][ T295] ? kasan_set_track+0x4b/0x70
[ 22.251412][ T295] ? kasan_save_alloc_info+0x1f/0x30
[ 22.256535][ T295] ? __kasan_kmalloc+0x9c/0xb0
[ 22.261135][ T295] ? kmalloc_trace+0x44/0xa0
[ 22.265560][ T295] ? selinux_bpf_prog_alloc+0x51/0x140
[ 22.270854][ T295] ? security_bpf_prog_alloc+0x62/0x90
[ 22.276148][ T295] ? bpf_prog_load+0xa6a/0x1bf0
[ 22.280834][ T295] ? __sys_bpf+0x52c/0x7f0
[ 22.285087][ T295] ? __x64_sys_bpf+0x7c/0x90
[ 22.289514][ T295] ? do_syscall_64+0x3d/0xb0
[ 22.294453][ T295] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 22.300443][ T295] ? __kasan_check_write+0x14/0x20
[ 22.305391][ T295] ? _raw_spin_lock+0xa4/0x1b0
[ 22.310255][ T295] ? _raw_spin_trylock_bh+0x190/0x190
[ 22.315553][ T295] ? _raw_spin_unlock+0x4c/0x70
[ 22.320240][ T295] ? memset+0x35/0x40
[ 22.324054][ T295] ? bpf_obj_name_cpy+0x196/0x1e0
[ 22.328918][ T295] bpf_prog_load+0x1304/0x1bf0
[ 22.333519][ T295] ? map_freeze+0x3a0/0x3a0
[ 22.337861][ T295] ? selinux_bpf+0xcb/0x100
[ 22.342199][ T295] ? security_bpf+0x82/0xb0
[ 22.346537][ T295] __sys_bpf+0x52c/0x7f0
[ 22.350615][ T295] ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 22.355823][ T295] ? debug_smp_processor_id+0x17/0x20
[ 22.361028][ T295] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 22.366938][ T295] ? exit_to_user_mode_prepare+0x39/0xa0
[ 22.372401][ T295] __x64_sys_bpf+0x7c/0x90
[ 22.376657][ T295] do_syscall_64+0x3d/0xb0
[ 22.380907][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 22.386633][ T295] RIP: 0033:0x7f7ba60133e9
[ 22.390888][ T295] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 22.410332][ T295] RSP: 002b:00007ffd999dc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 22.418570][ T295] RAX: ffffffffffffffda RBX: 00007ffd999dc368 RCX: 00007f7ba60133e9
[ 22.426385][ T295] RDX: 0000000000000048 RSI: 00000000200054c0 RDI: 0000000000000005
[ 22.434195][ T295] RBP: 00007f7ba6086610 R08: 0000000000000000 R09: 0000000000000000
[ 22.442090][ T295] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[ 22.449905][ T295] R13: 00007ffd999dc358 R14: 0000000000000001 R15: 0000000000000001
[ 22.457724][ T295] </TASK>
[ 22.460838][ T295] ================================================================================
[ 22.469983][ T295] ================================================================================
[ 22.479232][ T295] UBSAN: shift-out-of-bounds in kernel/bpf/verifier.c:9206:63
[ 22.486560][ T295] shift exponent 1073741824 is too large for 32-bit type 's32' (aka 'int')
[ 22.494918][ T295] CPU: 1 PID: 295 Comm: syz-executor262 Not tainted 6.1.57-syzkaller-00064-g30bca9e2785b #0
[ 22.504807][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 22.514701][ T295] Call Trace:
[ 22.517825][ T295] <TASK>
[ 22.520692][ T295] dump_stack_lvl+0x151/0x1b7
[ 22.525202][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 22.530497][ T295] ? stack_trace_snprint+0xf0/0xf0
[ 22.535447][ T295] dump_stack+0x15/0x17
[ 22.539438][ T295] __ubsan_handle_shift_out_of_bounds+0x3e1/0x440
[ 22.545686][ T295] scalar32_min_max_arsh+0x676/0x6c0
[ 22.550813][ T295] ? adjust_reg_min_max_vals+0x7b6/0x6360
[ 22.556363][ T295] adjust_reg_min_max_vals+0x3d20/0x6360
[ 22.561849][ T295] ? zext_32_to_64+0x290/0x290
[ 22.566888][ T295] ? find_equal_scalars+0x1a0/0x7c0
[ 22.571921][ T295] ? check_reg_arg+0x436/0x840
[ 22.576520][ T295] do_check+0x8e35/0xdd60
[ 22.580691][ T295] ? init_func_state+0x3c0/0x3c0
[ 22.585461][ T295] ? memset+0x35/0x40
[ 22.589280][ T295] ? btf_check_subprog_arg_match+0x182/0x300
[ 22.595219][ T295] do_check_common+0x6ce/0xed0
[ 22.599816][ T295] bpf_check+0x673b/0x16560
[ 22.604170][ T295] ? stack_depot_save+0x13/0x20
[ 22.608834][ T295] ? __kasan_check_write+0x14/0x20
[ 22.613778][ T295] ? __set_page_owner_handle+0x38a/0x3d0
[ 22.619248][ T295] ? page_ext_put+0x1c/0x30
[ 22.623589][ T295] ? __set_page_owner+0x53/0x70
[ 22.628273][ T295] ? post_alloc_hook+0x213/0x220
[ 22.633048][ T295] ? prep_new_page+0x1b/0x110
[ 22.637656][ T295] ? get_page_from_freelist+0x27ea/0x2870
[ 22.643204][ T295] ? unwind_get_return_address+0x4d/0x90
[ 22.648680][ T295] ? __kasan_check_write+0x14/0x20
[ 22.653616][ T295] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 22.659009][ T295] ? bpf_get_btf_vmlinux+0x60/0x60
[ 22.663948][ T295] ? is_bpf_text_address+0x172/0x190
[ 22.669066][ T295] ? is_module_text_address+0x200/0x360
[ 22.674446][ T295] ? stack_trace_save+0x1c0/0x1c0
[ 22.679306][ T295] ? kernel_text_address+0xa9/0xe0
[ 22.684264][ T295] ? __kernel_text_address+0xd/0x40
[ 22.689289][ T295] ? unwind_get_return_address+0x4d/0x90
[ 22.694758][ T295] ? __kasan_check_write+0x14/0x20
[ 22.699709][ T295] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 22.704998][ T295] ? _raw_spin_lock+0x1b0/0x1b0
[ 22.709695][ T295] ? stack_trace_save+0x113/0x1c0
[ 22.714548][ T295] ? stack_trace_snprint+0xf0/0xf0
[ 22.719609][ T295] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 22.725244][ T295] ? __stack_depot_save+0x419/0x480
[ 22.730318][ T295] ? selinux_bpf_prog_alloc+0x51/0x140
[ 22.735653][ T295] ? kasan_set_track+0x60/0x70
[ 22.740251][ T295] ? kasan_set_track+0x4b/0x70
[ 22.744880][ T295] ? kasan_save_alloc_info+0x1f/0x30
[ 22.749974][ T295] ? __kasan_kmalloc+0x9c/0xb0
[ 22.754573][ T295] ? kmalloc_trace+0x44/0xa0
[ 22.758996][ T295] ? selinux_bpf_prog_alloc+0x51/0x140
[ 22.764417][ T295] ? security_bpf_prog_alloc+0x62/0x90
[ 22.769820][ T295] ? bpf_prog_load+0xa6a/0x1bf0
[ 22.774507][ T295] ? __sys_bpf+0x52c/0x7f0
[ 22.778749][ T295] ? __x64_sys_bpf+0x7c/0x90
[ 22.783176][ T295] ? do_syscall_64+0x3d/0xb0
[ 22.787603][ T295] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 22.793597][ T295] ? __kasan_check_write+0x14/0x20
[ 22.798541][ T295] ? _raw_spin_lock+0xa4/0x1b0
[ 22.803141][ T295] ? _raw_spin_trylock_bh+0x190/0x190
[ 22.808405][ T295] ? _raw_spin_unlock+0x4c/0x70
[ 22.813049][ T295] ? memset+0x35/0x40
[ 22.816851][ T295] ? bpf_obj_name_cpy+0x196/0x1e0
[ 22.821719][ T295] bpf_prog_load+0x1304/0x1bf0
[ 22.826314][ T295] ? map_freeze+0x3a0/0x3a0
[ 22.830655][ T295] ? selinux_bpf+0xcb/0x100
[ 22.834990][ T295] ? security_bpf+0x82/0xb0
[ 22.839331][ T295] __sys_bpf+0x52c/0x7f0
[ 22.843409][ T295] ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 22.848618][ T295] ? debug_smp_processor_id+0x17/0x20
[ 22.853834][ T295] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 22.859727][ T295] ? exit_to_user_mode_prepare+0x39/0xa0
[ 22.865194][ T295] __x64_sys_bpf+0x7c/0x90
[ 22.869447][ T295] do_syscall_64+0x3d/0xb0
[ 22.873785][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 22.879513][ T295] RIP: 0033:0x7f7ba60133e9
[ 22.883767][ T295] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 22.903222][ T295] RSP: 002b:00007ffd999dc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 22.911454][ T295] RAX: ffffffffffffffda RBX: 00007ffd999dc368 RCX: 00007f7ba60133e9
[ 22.919352][ T295] RDX: 0000000000000048 RSI: 00000000200054c0 RDI: 0000000000000005
[ 22.927274][ T295] RBP: 00007f7ba6086610 R08: 0000000000000000 R09: 0000000000000000
[ 22.935082][ T295] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_KPROBE, insn_cnt=22, insns=0x20000140, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 3
exit_group(0) = ?
+++ exited with 0 +++
[ 22.942922][ T295] R13: 00007ffd999dc358 R14: 00000000000