hrtimer: interrupt took 14000 ns
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 1 PID: 26 Comm: kauditd Not tainted 6.5.0-syzkaller-08894-gb97d64c72259 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
RIP: 0010:__rb_insert lib/rbtree.c:115 [inline]
RIP: 0010:__rb_insert_augmented+0x76/0x880 lib/rbtree.c:459
Code: 00 48 89 da 48 c1 ea 03 80 3c 02 00 0f 85 93 05 00 00 48 8b 2b 40 f6 c5 01 0f 85 3b 05 00 00 48 8d 55 08 48 89 d1 48 c1 e9 03 <80> 3c 01 00 0f 85 87 05 00 00 4c 8b 6d 08 49 39 dd 0f 84 7c 01 00
RSP: 0018:ffffc900001e0a08 EFLAGS: 00010012
RAX: dffffc0000000000 RBX: ffff888070e00c10 RCX: 0000000000000001
RDX: 0000000000000008 RSI: ffff8880b993c5d0 RDI: ffff88807d9dbc10
RBP: 0000000000000000 R08: ffff888070e02400 R09: ffff88807d9dbc38
R10: ffffffff8ead3c57 R11: 0000000000000000 R12: ffff88807d9dbc10
R13: ffff888017679e40 R14: ffffffff815d0b60 R15: ffff8880b993c5d0
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f069410638e CR3: 0000000021340000 CR4: 0000000000350ee0
Call Trace:
 enqueue_entity+0x280/0x1490 kernel/sched/fair.c:5071
 enqueue_task_fair+0x15b/0xbc0 kernel/sched/fair.c:6481
 enqueue_task kernel/sched/core.c:2102 [inline]
 activate_task kernel/sched/core.c:2132 [inline]
 ttwu_do_activate+0x214/0xd90 kernel/sched/core.c:3787
 ttwu_queue kernel/sched/core.c:4029 [inline]
 try_to_wake_up+0x8e7/0x15b0 kernel/sched/core.c:4346
 wake_up_worker kernel/workqueue.c:901 [inline]
 insert_work+0x285/0x330 kernel/workqueue.c:1564
 __queue_work+0x5f5/0x1040 kernel/workqueue.c:1717
 call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700
 expire_timers kernel/time/timer.c:1746 [inline]
 __run_timers+0x585/0xb10 kernel/time/timer.c:2022
 run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035
 __do_softirq+0x218/0x965 kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu kernel/softirq.c:632 [inline]
 irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1074
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:console_flush_all+0x9b6/0xf50 kernel/printk/printk.c:2939
Code: 20 52 23 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 9e 9a 1c 00 48 85 db 0f 85 94 03 00 00 e8 00 9f 1c 00 fb 48 8b 44 24 08 <48> 8b 14 24 0f b6 00 83 e2 07 38 d0 7f 08 84 c0 0f 85 9d 04 00 00
RSP: 0018:ffffc90000a2fa80 EFLAGS: 00000293
RAX: fffff52000145f7b RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888017679dc0 RSI: ffffffff816aa190 RDI: 0000000000000007
RBP: ffffffff8d4d56e0 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 205d363254202020 R12: 0000000000000000
R13: ffffffff8d4d5738 R14: dffffc0000000000 R15: 0000000000000001
 console_unlock+0xc6/0x1f0 kernel/printk/printk.c:3007
 vprintk_emit+0x1c5/0x640 kernel/printk/printk.c:2307
 vprintk+0x89/0xa0 kernel/printk/printk_safe.c:50
 _printk+0xc8/0x100 kernel/printk/printk.c:2328
 kauditd_printk_skb kernel/audit.c:535 [inline]
 kauditd_hold_skb+0x1fb/0x240 kernel/audit.c:570
 kauditd_send_queue+0x229/0x280 kernel/audit.c:755
 kauditd_thread+0x631/0xa90 kernel/audit.c:879
 kthread+0x33a/0x430 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:145
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__rb_insert lib/rbtree.c:115 [inline]
RIP: 0010:__rb_insert_augmented+0x76/0x880 lib/rbtree.c:459
Code: 00 48 89 da 48 c1 ea 03 80 3c 02 00 0f 85 93 05 00 00 48 8b 2b 40 f6 c5 01 0f 85 3b 05 00 00 48 8d 55 08 48 89 d1 48 c1 e9 03 <80> 3c 01 00 0f 85 87 05 00 00 4c 8b 6d 08 49 39 dd 0f 84 7c 01 00
RSP: 0018:ffffc900001e0a08 EFLAGS: 00010012
RAX: dffffc0000000000 RBX: ffff888070e00c10 RCX: 0000000000000001
RDX: 0000000000000008 RSI: ffff8880b993c5d0 RDI: ffff88807d9dbc10
RBP: 0000000000000000 R08: ffff888070e02400 R09: ffff88807d9dbc38
R10: ffffffff8ead3c57 R11: 0000000000000000 R12: ffff88807d9dbc10
R13: ffff888017679e40 R14: ffffffff815d0b60 R15: ffff8880b993c5d0
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f069410638e CR3: 0000000021340000 CR4: 0000000000350ee0
----------------
Code disassembly (best guess), 1 bytes skipped:
   0: 48 89 da             mov %rbx,%rdx
   3: 48 c1 ea 03          shr $0x3,%rdx
   7: 80 3c 02 00          cmpb $0x0,(%rdx,%rax,1)
   b: 0f 85 93 05 00 00    jne 0x5a4
  11: 48 8b 2b             mov (%rbx),%rbp
  14: 40 f6 c5 01          test $0x1,%bpl
  18: 0f 85 3b 05 00 00    jne 0x559
  1e: 48 8d 55 08          lea 0x8(%rbp),%rdx
  22: 48 89 d1             mov %rdx,%rcx
  25: 48 c1 e9 03          shr $0x3,%rcx
* 29: 80 3c 01 00          cmpb $0x0,(%rcx,%rax,1) <-- trapping instruction
  2d: 0f 85 87 05 00 00    jne 0x5ba
  33: 4c 8b 6d 08          mov 0x8(%rbp),%r13
  37: 49 39 dd             cmp %rbx,%r13
  3a: 0f                   .byte 0xf
  3b: 84 7c 01 00          test %bh,0x0(%rcx,%rax,1)