==================================================================
kasan: CONFIG_KASAN_INLINE enabled
BUG: KASAN: stack-out-of-bounds in atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
BUG: KASAN: stack-out-of-bounds in refcount_inc_not_zero_checked+0x97/0x2f0 lib/refcount.c:120
Read of size 4 at addr ffff8881da9c0bf0 by task udevd/9390
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9390 Comm: udevd Not tainted 4.20.0-rc4+ #335
CPU: 0 PID: 12832 Comm: syz-executor5 Not tainted 4.20.0-rc4+ #335
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:vmalloc_fault+0x426/0x770 arch/x86/mm/fault.c:405
Call Trace:
------------[ cut here ]------------
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLAB object '@' (offset 18446744069951467104, size 64)!
WARNING: CPU: 0 PID: 12832 at mm/usercopy.c:83 usercopy_warn+0xee/0x110 mm/usercopy.c:78
Kernel panic - not syncing: panic_on_warn set ...
 print_address_description.cold.7+0x9/0x1ff mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.8+0x242/0x309 mm/kasan/report.c:412
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267
 kasan_check_read+0x11/0x20 mm/kasan/kasan.c:272
 atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
 refcount_inc_not_zero_checked+0x97/0x2f0 lib/refcount.c:120
 refcount_inc_checked+0x15/0x70 lib/refcount.c:153
 kref_get include/linux/kref.h:47 [inline]
 aa_get_label security/apparmor/include/label.h:387 [inline]
 aa_get_newest_label security/apparmor/include/label.h:441 [inline]
 apparmor_cred_prepare+0x307/0x5a0 security/apparmor/lsm.c:80
 security_prepare_creds+0x60/0xc0 security/security.c:1022
 prepare_creds+0x3b9/0x4d0 kernel/cred.c:278
 do_coredump+0x52f/0x4001 fs/coredump.c:574
 get_signal+0x9ee/0x1980 kernel/signal.c:2511
 do_signal+0x9c/0x21c0 arch/x86/kernel/signal.c:816
 exit_to_usermode_loop+0x2e5/0x380 arch/x86/entry/common.c:162
 prepare_exit_to_usermode+0x342/0x3b0 arch/x86/entry/common.c:197
 retint_user+0x8/0x18
RIP: 0033:0x7fc8e7ac5947
Code: 88 ff ff 89 11 48 83 00 00 00 00 c8 f9 c8 da 81 88 ff ff 50 67 56 b6 81 88 ff ff 58 67 56 b6 81 88 ff ff 42 67 56 b6 81 88 ff 80 66 56 b6 81 88 ff ff 2d 1f 59 3b 10 f1 ff 1f 01 00 00 00 ff
RSP: 002b:00007ffd9f861fe8 EFLAGS: 00010246
RAX: 0000000000000001 RBX: 0000000001b23440 RCX: 00007fc8e7ac5943
RDX: 0000000000008104 RSI: 00007ffd9f862040 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
R13: 0000000001b23d60 R14: 0000000001b23250 R15: 000000000000000b

The buggy address belongs to the object at ffff8881da9c0040
 which belongs to the cache of size -30591
The buggy address is located 33583 bytes to the right of
 -30591-byte region [ffff8881da9c0040, ffff8881da9b88c1)
The buggy address belongs to the page:
page:ffffea00076a7000 count:1 mapcount:0 mapping:ffff8881da800ac0 index:0x0 compound_mapcount: 0
flags: 0x2fffc0000010200(slab|head)
raw: 02fffc0000010200 ffffea00076a4108 ffffea0007650a08 ffff8881da800ac0
raw: 0000000000000000 ffff8881da9c0040 0000000100000007 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8881da9c0a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
 ffff8881da9c0b00: f1 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 00 00 00
>ffff8881da9c0b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
                                                             ^
 ffff8881da9c0c00: f1 f8 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00
 ffff8881da9c0c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00
==================================================================
Kernel Offset: disabled
Rebooting in 86400 seconds..