================================================================================
UBSAN: Undefined behaviour in arch/x86/kernel/uprobes.c:276:56
index 4 is out of range for type 'insn_byte_t [4]'
CPU: 1 PID: 9922 Comm: syz-executor.1 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_out_of_bounds.cold+0x63/0x6f lib/ubsan.c:383
 is_prefix_bad arch/x86/kernel/uprobes.c:276 [inline]
 uprobe_init_insn arch/x86/kernel/uprobes.c:299 [inline]
 arch_uprobe_analyze_insn+0x9d8/0xaa0 arch/x86/kernel/uprobes.c:868
 prepare_uprobe kernel/events/uprobes.c:611 [inline]
 install_breakpoint kernel/events/uprobes.c:654 [inline]
 uprobe_mmap+0x8c2/0xa70 kernel/events/uprobes.c:1096
 mmap_region+0x552/0x1510 mm/mmap.c:1803
 do_mmap+0x8e8/0x1080 mm/mmap.c:1530
 do_mmap_pgoff include/linux/mm.h:2326 [inline]
 vm_mmap_pgoff+0x197/0x200 mm/util.c:357
 ksys_mmap_pgoff+0x2d1/0x660 mm/mmap.c:1580
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffa31650c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000000021400 RCX: 000000000045de59
RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020007000
RBP: 000000000118bf78 R08: 0000000000000003 R09: 0000000000000000
R10: 0000000000000412 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007fff5fbcdcdf R14: 00007ffa316519c0 R15: 000000000118bf2c
================================================================================
Bluetooth: hci0: command 0x041b tx timeout
device wlan1 entered promiscuous mode
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'.
device wlan1 left promiscuous mode
device wlan1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'.
device wlan1 left promiscuous mode
Bluetooth: hci0: command 0x040f tx timeout
Unable to determine destination address.
device wlan1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
Unable to determine destination address.
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
F2FS-fs (loop5): Unrecognized mount option "" or missing value
F2FS-fs (loop5): Unrecognized mount option "" or missing value
F2FS-fs (loop5): Unrecognized mount option "" or missing value
F2FS-fs (loop5): Unrecognized mount option "" or missing value
gfs2: gfs2 mount does not exist
netlink: 'syz-executor.2': attribute type 29 has an invalid length.
nla_parse: 3 callbacks suppressed
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
gfs2: gfs2 mount does not exist
EXT4-fs (loop5): Unsupported encryption level 141
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'.
print_req_error: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, async page read
print_req_error: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, async page read
print_req_error: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, async page read
print_req_error: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, async page read
print_req_error: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, async page read
ldm_validate_partition_table(): Disk read failed.
print_req_error: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, async page read
print_req_error: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, async page read
print_req_error: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, async page read
print_req_error: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, async page read
Dev loop0: unable to read RDB block 0
print_req_error: I/O error, dev loop0, sector 0
gfs2: gfs2 mount does not exist
Buffer I/O error on dev loop0, logical block 0, async page read
loop0: unable to read partition table
loop0: partition table beyond EOD, truncated
loop_reread_partitions: partition scan of loop0 (JpfQT)[qZ;(q-M) failed (rc=-5)
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
audit: type=1804 audit(1602495210.268:29): pid=10168 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir910506588/syzkaller.43UoDY/30/file0" dev="sda1" ino=15942 res=1
Bluetooth: hci0: command 0x0419 tx timeout
audit: type=1800 audit(1602495210.278:30): pid=10168 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=15942 res=0
audit: type=1804 audit(1602495210.278:31): pid=10168 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir910506588/syzkaller.43UoDY/30/file0" dev="sda1" ino=15942 res=1
audit: type=1804 audit(1602495210.278:32): pid=10168 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir910506588/syzkaller.43UoDY/30/file0" dev="sda1" ino=15942 res=1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'.
device ipvlan1 entered promiscuous mode
team0: Device ipvlan1 failed to register rx_handler
audit: type=1800 audit(1602495210.818:33): pid=10184 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=15942 res=0
audit: type=1804 audit(1602495210.858:34): pid=10184 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir910506588/syzkaller.43UoDY/30/file0" dev="sda1" ino=15942 res=1
audit: type=1804 audit(1602495210.878:35): pid=10168 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir910506588/syzkaller.43UoDY/30/file0" dev="sda1" ino=15942 res=1
overlayfs: upper fs is r/o, try multi-lower layers mount
overlayfs: upper fs is r/o, try multi-lower layers mount
team0: Device ipvlan1 failed to register rx_handler
BFS-fs: bfs_fill_super(): loop5 is unclean, continuing
BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=58880 sclass=netlink_route_socket pid=10285 comm=syz-executor.4
BFS-fs: bfs_fill_super(): loop5 is unclean, continuing
BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted
EXT4-fs (loop2): Unrecognized mount option "gta=./file0" or missing value
qfq: no options
EXT4-fs (loop2): Unrecognized mount option "gta=./file0" or missing value
gfs2: invalid mount option: rrplvb
gfs2: can't parse mount arguments
UDF-fs: bad mount option "fowner<18446744073709551615" or missing value
gfs2: invalid mount option: rrplvb
gfs2: can't parse mount arguments
audit: type=1800 audit(1602495213.758:36): pid=10375 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.4" name="cgroup.controllers" dev="sda1" ino=15953 res=0
audit: type=1804 audit(1602495213.808:37): pid=10383 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir761655925/syzkaller.E5Or8a/37/cgroup.controllers" dev="sda1" ino=15953 res=1