audit: type=1804 audit(1545086475.384:34): pid=8173 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor3" name="/root/syzkaller-testdir368700572/syzkaller.UmPHJb/14/memory.events" dev="sda1" ino=16582 res=1
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8220 Comm: syz-executor2 Not tainted 4.20.0-rc6+ #349
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:vmalloc_fault+0x426/0x770 arch/x86/mm/fault.c:405
------------[ cut here ]------------
Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLAB object '$' (offset 18446744070488339248, size 64)!
WARNING: CPU: 0 PID: 8220 at mm/usercopy.c:83 usercopy_warn+0xee/0x110 mm/usercopy.c:78
Kernel panic - not syncing: panic_on_warn set ...
==================================================================
BUG: KASAN: stack-out-of-bounds in pgd_val arch/x86/include/asm/paravirt.h:414 [inline]
BUG: KASAN: stack-out-of-bounds in p4d_page_vaddr arch/x86/include/asm/pgtable.h:895 [inline]
BUG: KASAN: stack-out-of-bounds in pud_offset arch/x86/include/asm/pgtable.h:907 [inline]
BUG: KASAN: stack-out-of-bounds in vmalloc_fault+0x6d0/0x770 arch/x86/mm/fault.c:397
Read of size 8 at addr ffff8881da96cff8 by task kauditd/26

CPU: 1 PID: 26 Comm: kauditd Not tainted 4.20.0-rc6+ #349
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 print_address_description.cold.7+0x9/0x1ff mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.8+0x242/0x309 mm/kasan/report.c:412
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 pgd_val arch/x86/include/asm/paravirt.h:414 [inline]
 p4d_page_vaddr arch/x86/include/asm/pgtable.h:895 [inline]
 pud_offset arch/x86/include/asm/pgtable.h:907 [inline]
 vmalloc_fault+0x6d0/0x770 arch/x86/mm/fault.c:397
 do_kern_addr_fault arch/x86/mm/fault.c:1203 [inline]
 __do_page_fault+0x860/0xe60 arch/x86/mm/fault.c:1487
 do_page_fault+0xf2/0x7e0 arch/x86/mm/fault.c:1520
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143
RIP: 0010:raw_write_seqcount_begin include/linux/seqlock.h:228 [inline]
RIP: 0010:write_seqcount_begin_nested include/linux/seqlock.h:376 [inline]
RIP: 0010:write_seqcount_begin include/linux/seqlock.h:382 [inline]
RIP: 0010:psi_group_change kernel/sched/psi.c:461 [inline]
RIP: 0010:psi_task_change+0x216/0x5f0 kernel/sched/psi.c:534
Code: 00 4a 03 1c e5 20 80 27 89 48 89 d8 48 c1 e8 03 42 0f b6 14 18 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 0a 03 00 00 <83> 03 01 48 8d 43 08 45 31 c9 31 c9 48 89 c7 31 d2 31 f6 48 89 45
RSP: 0018:ffff8881daf07800 EFLAGS: 00010046
RAX: 0000000000000003 RBX: ffffe8ffffda6000 RCX: ffff8881daf079f0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff89278028
RBP: ffff8881daf07878 R08: 0000000000000000 R09: 0000000000000004
R10: fffffbfff14a7a09 R11: dffffc0000000000 R12: 0000000000000001
R13: ffff8881daf2cc80 R14: 0000000000000000 R15: ffff8881948dc1c0
 psi_enqueue kernel/sched/stats.h:82 [inline]
 enqueue_task kernel/sched/core.c:727 [inline]
 activate_task+0x21a/0x430 kernel/sched/core.c:751
 ttwu_activate kernel/sched/core.c:1643 [inline]
 ttwu_do_activate+0xd5/0x1f0 kernel/sched/core.c:1702
 ttwu_queue kernel/sched/core.c:1847 [inline]
 try_to_wake_up+0x9b3/0x1440 kernel/sched/core.c:2057
 wake_up_process+0x10/0x20 kernel/sched/core.c:2129
 hrtimer_wakeup+0x48/0x60 kernel/time/hrtimer.c:1646
 __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
 __hrtimer_run_queues+0x41c/0x10d0 kernel/time/hrtimer.c:1460
 hrtimer_interrupt+0x313/0x780 kernel/time/hrtimer.c:1518
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1034 [inline]
 smp_apic_timer_interrupt+0x1a1/0x760 arch/x86/kernel/apic/apic.c:1059
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:761 [inline]
RIP: 0010:console_unlock+0xf41/0x1190 kernel/printk/printk.c:2422
Code: 48 89 f8 48 c1 e8 03 42 80 3c 30 00 0f 85 54 02 00 00 48 83 3d 7f 84 ec 07 00 74 72 e8 18 08 1a 00 48 8b bd b0 fe ff ff 57 9d <0f> 1f 44 00 00 e9 f3 f2 ff ff e8 00 08 1a 00 0f 0b e8 f9 07 1a 00
RSP: 0018:ffff8881d94bf8e8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: ffff8881d94b66c0 RBX: 0000000000000200 RCX: 1ffff1103b296dec
RDX: 0000000000000000 RSI: ffffffff81657c78 RDI: 0000000000000293
RBP: ffff8881d94bfa58 R08: ffff8881d94b6f60 R09: 0000000000000006
R10: 0000000000000000 R11: ffff8881d94b66c0 R12: 0000000000000000
R13: ffffffff849cd9a0 R14: dffffc0000000000 R15: ffffffff89b64090
 vprintk_emit+0x391/0x990 kernel/printk/printk.c:1922
 vprintk_default+0x28/0x30 kernel/printk/printk.c:1964
 vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398
 printk+0xa7/0xcf kernel/printk/printk.c:1997
 kauditd_printk_skb kernel/audit.c:546 [inline]
 kauditd_hold_skb.cold.21+0x3f/0x4e kernel/audit.c:579
 kauditd_send_queue+0x13b/0x180 kernel/audit.c:742
 kauditd_thread+0x7d2/0xb60 kernel/audit.c:868
 kthread+0x35a/0x440 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352

The buggy address belongs to the page:
page:ffffea00076a5b00 count:1 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x2fffc0000000000()
raw: 02fffc0000000000 dead000000000100 dead000000000200 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8881da96ce80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
 ffff8881da96cf00: f1 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 00 00 00
>ffff8881da96cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
                                                                ^
 ffff8881da96d000: f1 f8 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00
 ffff8881da96d080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
Shutting down cpus with NMI
Kernel Offset: disabled
Rebooting in 86400 seconds..