The docheck function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allowptrleaks value available for restricting the output of the printbpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.