================================================================================
UBSAN: Undefined behaviour in arch/x86/kernel/uprobes.c:276:56
index 4 is out of range for type 'insn_byte_t [4]'
CPU: 0 PID: 12661 Comm: syz-executor.5 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_out_of_bounds.cold+0x63/0x6f lib/ubsan.c:383
 is_prefix_bad arch/x86/kernel/uprobes.c:276 [inline]
 uprobe_init_insn arch/x86/kernel/uprobes.c:299 [inline]
 arch_uprobe_analyze_insn+0x9d8/0xaa0 arch/x86/kernel/uprobes.c:868
 prepare_uprobe kernel/events/uprobes.c:611 [inline]
 install_breakpoint kernel/events/uprobes.c:654 [inline]
 uprobe_mmap+0x8c2/0xa70 kernel/events/uprobes.c:1096
 mmap_region+0x552/0x1510 mm/mmap.c:1803
 do_mmap+0x8e8/0x1080 mm/mmap.c:1530
 do_mmap_pgoff include/linux/mm.h:2326 [inline]
 vm_mmap_pgoff+0x197/0x200 mm/util.c:357
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
 ksys_mmap_pgoff+0x2d1/0x660 mm/mmap.c:1580
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fa6d76a7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000000021400 RCX: 000000000045de59
RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020007000
RBP: 000000000118bf78 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000000000412 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffc5eeb297f R14: 00007fa6d76a89c0 R15: 000000000118bf2c
================================================================================
syz-executor.0 (12667) used greatest stack depth: 23520 bytes left
audit: type=1800 audit(1602833197.473:9): pid=12713 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.0" name="file1" dev="sda1" ino=15922 res=0
audit: type=1804 audit(1602833198.053:10): pid=12768 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir069026772/syzkaller.o68bGi/346/file0" dev="sda1" ino=15976 res=1
audit: type=1804 audit(1602833198.103:11): pid=12768 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir069026772/syzkaller.o68bGi/346/file0" dev="sda1" ino=15976 res=1
audit: type=1804 audit(1602833200.803:12): pid=12799 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir123441392/syzkaller.dzukP2/373/file0" dev="sda1" ino=15985 res=1
audit: type=1804 audit(1602833200.863:13): pid=12799 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir123441392/syzkaller.dzukP2/373/file0" dev="sda1" ino=15985 res=1
audit: type=1804 audit(1602833200.873:14): pid=12804 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir069026772/syzkaller.o68bGi/347/file0" dev="sda1" ino=15766 res=1
audit: type=1804 audit(1602833201.023:15): pid=12810 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir069026772/syzkaller.o68bGi/347/file0" dev="sda1" ino=15766 res=1
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=65535 sclass=netlink_tcpdiag_socket pid=12830 comm=syz-executor.2
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=65535 sclass=netlink_tcpdiag_socket pid=12830 comm=syz-executor.2
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.