syzbot


KASAN: stack-out-of-bounds Read in refcount_inc_not_zero_checked

Status: auto-closed as invalid on 2019/06/07 23:45
Subsystems: hardening mm
Reported-by: syzbot+e68cece14ddc29e2694d@syzkaller.appspotmail.com
First crash: 1989d, last: 1963d

Sample crash report:
==================================================================
kasan: CONFIG_KASAN_INLINE enabled
BUG: KASAN: stack-out-of-bounds in atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
BUG: KASAN: stack-out-of-bounds in refcount_inc_not_zero_checked+0x97/0x2f0 lib/refcount.c:120
Read of size 4 at addr ffff8881da9c0bf0 by task udevd/9390
kasan: GPF could be caused by NULL-ptr deref or user memory access

general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9390 Comm: udevd Not tainted 4.20.0-rc4+ #335
CPU: 0 PID: 12832 Comm: syz-executor5 Not tainted 4.20.0-rc4+ #335
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:vmalloc_fault+0x426/0x770 arch/x86/mm/fault.c:405
Call Trace:
------------[ cut here ]------------
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLAB object '@' (offset 18446744069951467104, size 64)!
WARNING: CPU: 0 PID: 12832 at mm/usercopy.c:83 usercopy_warn+0xee/0x110 mm/usercopy.c:78
Kernel panic - not syncing: panic_on_warn set ...
 print_address_description.cold.7+0x9/0x1ff mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.8+0x242/0x309 mm/kasan/report.c:412
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267
 kasan_check_read+0x11/0x20 mm/kasan/kasan.c:272
 atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
 refcount_inc_not_zero_checked+0x97/0x2f0 lib/refcount.c:120
 refcount_inc_checked+0x15/0x70 lib/refcount.c:153
 kref_get include/linux/kref.h:47 [inline]
 aa_get_label security/apparmor/include/label.h:387 [inline]
 aa_get_newest_label security/apparmor/include/label.h:441 [inline]
 apparmor_cred_prepare+0x307/0x5a0 security/apparmor/lsm.c:80
 security_prepare_creds+0x60/0xc0 security/security.c:1022
 prepare_creds+0x3b9/0x4d0 kernel/cred.c:278
 do_coredump+0x52f/0x4001 fs/coredump.c:574
 get_signal+0x9ee/0x1980 kernel/signal.c:2511
 do_signal+0x9c/0x21c0 arch/x86/kernel/signal.c:816
 exit_to_usermode_loop+0x2e5/0x380 arch/x86/entry/common.c:162
 prepare_exit_to_usermode+0x342/0x3b0 arch/x86/entry/common.c:197
 retint_user+0x8/0x18
RIP: 0033:0x7fc8e7ac5947
Code: 88 ff ff 89 11 48 83 00 00 00 00 c8 f9 c8 da 81 88 ff ff 50 67 56 b6 81 88 ff ff 58 67 56 b6 81 88 ff ff 42 67 56 b6 81 88 ff <ff> 80 66 56 b6 81 88 ff ff 2d 1f 59 3b 10 f1 ff 1f 01 00 00 00 ff
RSP: 002b:00007ffd9f861fe8 EFLAGS: 00010246
RAX: 0000000000000001 RBX: 0000000001b23440 RCX: 00007fc8e7ac5943
RDX: 0000000000008104 RSI: 00007ffd9f862040 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
R13: 0000000001b23d60 R14: 0000000001b23250 R15: 000000000000000b

The buggy address belongs to the object at ffff8881da9c0040
 which belongs to the cache  of size -30591
The buggy address is located 33583 bytes to the right of
 -30591-byte region [ffff8881da9c0040, ffff8881da9b88c1)
The buggy address belongs to the page:
page:ffffea00076a7000 count:1 mapcount:0 mapping:ffff8881da800ac0 index:0x0 compound_mapcount: 0
flags: 0x2fffc0000010200(slab|head)
raw: 02fffc0000010200 ffffea00076a4108 ffffea0007650a08 ffff8881da800ac0
raw: 0000000000000000 ffff8881da9c0040 0000000100000007 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8881da9c0a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
 ffff8881da9c0b00: f1 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 00 00 00
>ffff8881da9c0b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
                                                             ^
 ffff8881da9c0c00: f1 f8 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00
 ffff8881da9c0c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00
==================================================================
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (3):

Time              Kernel        Commit        Syzkaller  Config   Log          Report  Manager
2018/12/09 23:44  net-next-old  a60956ed72f7  96cc4c50   .config  console log  report  ci-upstream-net-kasan-gce
2018/11/25 00:22  net-next-old  aea0a897af9e  ecc7c870   .config  console log  report  ci-upstream-net-kasan-gce
2018/11/14 01:09  net-next-old  3e536cff3424  5f5f6d14   .config  console log  report  ci-upstream-net-kasan-gce

(No syz repro, C repro, VM info, assets or title were recorded for any of these crashes.)