hrtimer: interrupt took 14000 ns
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 1 PID: 26 Comm: kauditd Not tainted 6.5.0-syzkaller-08894-gb97d64c72259 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
RIP: 0010:__rb_insert lib/rbtree.c:115 [inline]
RIP: 0010:__rb_insert_augmented+0x76/0x880 lib/rbtree.c:459
Code: 00 48 89 da 48 c1 ea 03 80 3c 02 00 0f 85 93 05 00 00 48 8b 2b 40 f6 c5 01 0f 85 3b 05 00 00 48 8d 55 08 48 89 d1 48 c1 e9 03 <80> 3c 01 00 0f 85 87 05 00 00 4c 8b 6d 08 49 39 dd 0f 84 7c 01 00
RSP: 0018:ffffc900001e0a08 EFLAGS: 00010012
RAX: dffffc0000000000 RBX: ffff888070e00c10 RCX: 0000000000000001
RDX: 0000000000000008 RSI: ffff8880b993c5d0 RDI: ffff88807d9dbc10
RBP: 0000000000000000 R08: ffff888070e02400 R09: ffff88807d9dbc38
R10: ffffffff8ead3c57 R11: 0000000000000000 R12: ffff88807d9dbc10
R13: ffff888017679e40 R14: ffffffff815d0b60 R15: ffff8880b993c5d0
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f069410638e CR3: 0000000021340000 CR4: 0000000000350ee0
Call Trace:
enqueue_entity+0x280/0x1490 kernel/sched/fair.c:5071
enqueue_task_fair+0x15b/0xbc0 kernel/sched/fair.c:6481
enqueue_task kernel/sched/core.c:2102 [inline]
activate_task kernel/sched/core.c:2132 [inline]
ttwu_do_activate+0x214/0xd90 kernel/sched/core.c:3787
ttwu_queue kernel/sched/core.c:4029 [inline]
try_to_wake_up+0x8e7/0x15b0 kernel/sched/core.c:4346
wake_up_worker kernel/workqueue.c:901 [inline]
insert_work+0x285/0x330 kernel/workqueue.c:1564
__queue_work+0x5f5/0x1040 kernel/workqueue.c:1717
call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700
expire_timers kernel/time/timer.c:1746 [inline]
__run_timers+0x585/0xb10 kernel/time/timer.c:2022
run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035
__do_softirq+0x218/0x965 kernel/softirq.c:553
invoke_softirq kernel/softirq.c:427 [inline]
__irq_exit_rcu kernel/softirq.c:632 [inline]
irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1074
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:console_flush_all+0x9b6/0xf50 kernel/printk/printk.c:2939
Code: 20 52 23 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 9e 9a 1c 00 48 85 db 0f 85 94 03 00 00 e8 00 9f 1c 00 fb 48 8b 44 24 08 <48> 8b 14 24 0f b6 00 83 e2 07 38 d0 7f 08 84 c0 0f 85 9d 04 00 00
RSP: 0018:ffffc90000a2fa80 EFLAGS: 00000293
RAX: fffff52000145f7b RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888017679dc0 RSI: ffffffff816aa190 RDI: 0000000000000007
RBP: ffffffff8d4d56e0 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 205d363254202020 R12: 0000000000000000
R13: ffffffff8d4d5738 R14: dffffc0000000000 R15: 0000000000000001
console_unlock+0xc6/0x1f0 kernel/printk/printk.c:3007
vprintk_emit+0x1c5/0x640 kernel/printk/printk.c:2307
vprintk+0x89/0xa0 kernel/printk/printk_safe.c:50
_printk+0xc8/0x100 kernel/printk/printk.c:2328
kauditd_printk_skb kernel/audit.c:535 [inline]
kauditd_hold_skb+0x1fb/0x240 kernel/audit.c:570
kauditd_send_queue+0x229/0x280 kernel/audit.c:755
kauditd_thread+0x631/0xa90 kernel/audit.c:879
kthread+0x33a/0x430 kernel/kthread.c:388
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:145
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__rb_insert lib/rbtree.c:115 [inline]
RIP: 0010:__rb_insert_augmented+0x76/0x880 lib/rbtree.c:459
Code: 00 48 89 da 48 c1 ea 03 80 3c 02 00 0f 85 93 05 00 00 48 8b 2b 40 f6 c5 01 0f 85 3b 05 00 00 48 8d 55 08 48 89 d1 48 c1 e9 03 <80> 3c 01 00 0f 85 87 05 00 00 4c 8b 6d 08 49 39 dd 0f 84 7c 01 00
RSP: 0018:ffffc900001e0a08 EFLAGS: 00010012
RAX: dffffc0000000000 RBX: ffff888070e00c10 RCX: 0000000000000001
RDX: 0000000000000008 RSI: ffff8880b993c5d0 RDI: ffff88807d9dbc10
RBP: 0000000000000000 R08: ffff888070e02400 R09: ffff88807d9dbc38
R10: ffffffff8ead3c57 R11: 0000000000000000 R12: ffff88807d9dbc10
R13: ffff888017679e40 R14: ffffffff815d0b60 R15: ffff8880b993c5d0
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f069410638e CR3: 0000000021340000 CR4: 0000000000350ee0
----------------
Code disassembly (best guess), 1 byte skipped:
0: 48 89 da mov %rbx,%rdx
3: 48 c1 ea 03 shr $0x3,%rdx
7: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
b: 0f 85 93 05 00 00 jne 0x5a4
11: 48 8b 2b mov (%rbx),%rbp
14: 40 f6 c5 01 test $0x1,%bpl
18: 0f 85 3b 05 00 00 jne 0x559
1e: 48 8d 55 08 lea 0x8(%rbp),%rdx
22: 48 89 d1 mov %rdx,%rcx
25: 48 c1 e9 03 shr $0x3,%rcx
* 29: 80 3c 01 00 cmpb $0x0,(%rcx,%rax,1) <-- trapping instruction
2d: 0f 85 87 05 00 00 jne 0x5ba
33: 4c 8b 6d 08 mov 0x8(%rbp),%r13
37: 49 39 dd cmp %rbx,%r13
3a: 0f .byte 0xf
3b: 84 7c 01 00 test %bh,0x0(%rcx,%rax,1)