1 TITLE: BUG: unable to handle kernel paging request in __run_timers 2 3 [ 190.751093] BUG: unable to handle kernel paging request at ffffffffffffffff 4 [ 190.757101] IP: 0xffffffffffffffff 5 [ 190.757101] PGD 7e10067 6 [ 190.757101] P4D 7e10067 7 [ 190.757101] PUD 7e12067 8 [ 190.757101] PMD 0 9 [ 190.757101] 10 [ 190.757101] Oops: 0010 [#1] SMP 11 [ 190.757101] Dumping ftrace buffer: 12 [ 190.757101] (ftrace buffer empty) 13 [ 190.757101] Modules linked in: 14 [ 190.757101] CPU: 1 PID: 12327 Comm: syz-executor5 Tainted: G B 4.13.0+ #35 15 [ 190.757101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 16 [ 190.757101] task: ffff8801deb8d880 task.stack: ffff8801aa900000 17 [ 190.757101] RIP: 0010:0xffffffffffffffff 18 [ 190.757101] RSP: 0018:ffff88021fd07d10 EFLAGS: 00010006 19 [ 190.757101] RAX: 0000000000000000 RBX: 0000000080000100 RCX: 0000000000000000 20 [ 190.757101] RDX: ffff8802030b2f48 RSI: aaaaaaaaaaaab000 RDI: ffffffffffffffff 21 [ 190.757101] RBP: ffff88021fd07d90 R08: 0000000001080020 R09: 0000000000000002 22 [ 190.757101] R10: ffff88021fd07cc8 R11: 0000000000000000 R12: ffffffffffffffff 23 [ 190.757101] R13: ffffffff885293b0 R14: 0000000000000000 R15: ffff88021fd19b48 24 [ 190.757101] FS: 00007f80206db700(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 25 [ 190.757101] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 26 [ 190.757101] CR2: ffffffffffffffff CR3: 0000000007e0f000 CR4: 00000000001406e0 27 [ 190.757101] DR0: 0000000020000000 DR1: 0000000000000000 DR2: 0000000000000000 28 [ 190.757101] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 29 [ 190.757101] Call Trace: 30 [ 190.757101] <IRQ> 31 [ 190.757101] ? call_timer_fn+0x2b1/0x630 32 [ 190.757101] __run_timers+0xeef/0x1390 33 [ 190.757101] ? irq_exit+0x203/0x240 34 [ 190.757101] run_timer_softirq+0x45/0xb0 35 [ 190.757101] ? timers_dead_cpu+0xef0/0xef0 36 [ 190.757101] __do_softirq+0x5bb/0xa08 37 [ 190.757101] irq_exit+0x203/0x240 38 [ 190.757101] exiting_irq+0xe/0x10 39 [ 190.757101] smp_apic_timer_interrupt+0x5a/0x80 40 [ 190.757101] apic_timer_interrupt+0x86/0x90 41 [ 190.757101] RIP: 0010:kmsan_get_origin_address_noruntime+0x163/0x260 42 [ 190.757101] RSP: 0018:ffff8801aa906f20 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff10 43 [ 190.757101] RAX: ffff88022a907120 RBX: 0000000000000000 RCX: ffffea0000000000 44 [ 190.757101] RDX: 000077ff80000000 RSI: 0000000000000000 RDI: ffff8801aa907120 45 [ 190.757101] RBP: ffff8801aa906f58 R08: 0000000001080020 R09: 0000000000000002 46 [ 190.757101] R10: ffff8801aa906ff8 R11: 000000008022000e R12: 0000000000000004 47 [ 190.757101] R13: 00000000f780000e R14: ffff8801aa907120 R15: 0000000000000000 48 [ 190.757101] </IRQ> 49 [ 190.757101] kmsan_set_origin_inline+0x6b/0x120 50 [ 190.757101] __msan_poison_alloca+0x15c/0x1d0 51 [ 190.757101] ? kernfs_put+0x759/0xc40 52 [ 190.757101] ? kfree+0x7f/0x2f40 53 [ 190.757101] ? kernfs_put+0x759/0xc40 54 [ 190.757101] ? __msan_get_context_state+0x20/0xf0 55 [ 190.757101] ? kernfs_put+0x759/0xc40 56 [ 190.757101] kfree+0x7f/0x2f40 57 [ 190.757101] ? kernfs_put+0x7e8/0xc40 58 [ 190.757101] ? kmsan_set_origin_inline+0x6b/0x120 59 [ 190.757101] ? __msan_poison_alloca+0x15c/0x1d0 60 [ 190.757101] ? __kernfs_remove+0x12a2/0x13a0 61 [ 190.757101] kernfs_put+0x759/0xc40 62 [ 190.757101] ? _cond_resched+0x2b/0xc0 63 [ 190.757101] __kernfs_remove+0x12a2/0x13a0 64 [ 190.757101] ? kernfs_find_ns+0x974/0x9e0 65 [ 190.757101] kernfs_remove_by_name_ns+0x115/0x200 66 [ 190.757101] sysfs_remove_group+0x38c/0x770 67 [ 190.757101] netdev_queue_update_kobjects+0x754/0x870 68 [ 190.757101] netdev_unregister_kobject+0x231/0x340 69 [ 190.757101] rollback_registered_many+0x150c/0x1ab0 70 [ 190.757101] unregister_netdevice_queue+0x55e/0xa80 71 [ 190.757101] __tun_detach+0x1681/0x2070 72 [ 190.757101] ? __msan_get_context_state+0x20/0xf0 73 [ 190.757101] tun_chr_close+0x6a/0xb0 74 [ 190.757101] __fput+0x49a/0xc10 75 [ 190.757101] ____fput+0x37/0x40 76 [ 190.757101] ? fput+0x2d0/0x2d0 77 [ 190.757101] task_work_run+0x193/0x300 78 [ 190.757101] do_exit+0x1217/0x3f20 79 [ 190.757101] ? __msan_metadata_ptr_for_store_4+0x13/0x20 80 [ 190.757101] ? dequeue_signal+0x356/0xb70 81 [ 190.757101] do_group_exit+0x1d3/0x3b0 82 [ 190.757101] get_signal+0x17ad/0x2150 83 [ 190.757101] ? syscall_return_slowpath+0x2fb/0x9d0 84 [ 190.757101] ? syscall_return_slowpath+0x2fb/0x9d0 85 [ 190.757101] do_signal+0xb7/0x1c70 86 [ 190.757101] ? put_task_struct+0x41/0xd0 87 [ 190.757101] ? __msan_metadata_ptr_for_load_8+0x10/0x20 88 [ 190.757101] ? balance_callback+0x4a/0x2c0 89 [ 190.757101] ? finish_task_switch+0x15e/0x230 90 [ 190.757101] ? __schedule+0x6dd/0x780 91 [ 190.757101] ? schedule+0x1dc/0x320 92 [ 190.757101] ? __msan_metadata_ptr_for_load_1+0x10/0x20 93 [ 190.757101] ? syscall_return_slowpath+0x31a/0x9d0 94 [ 190.757101] syscall_return_slowpath+0x2fb/0x9d0 95 [ 190.757101] ? SyS_futex+0x89/0xb0 96 [ 190.757101] entry_SYSCALL_64_fastpath+0x92/0x94 97 [ 190.757101] RIP: 0033:0x452cf9 98 [ 190.757101] RSP: 002b:00007f80206dac88 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca 99 [ 190.757101] RAX: 0000000000000001 RBX: 000000000071bea0 RCX: 0000000000452cf9 100 [ 190.757101] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000071becc 101 [ 190.757101] RBP: 0000000000000355 R08: 0000000000000000 R09: 0000000000000355 102 [ 190.757101] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006f3098 103 [ 190.757101] R13: 00000000ffffffff R14: 00007f80206db6d4 R15: 0000000000000000 104 [ 190.757101] Code: Bad RIP value. 105 [ 190.757101] RIP: 0xffffffffffffffff RSP: ffff88021fd07d10 106 [ 190.757101] CR2: ffffffffffffffff 107 [ 190.757101] ---[ end trace fec0af60af9149a6 ]--- 108 [ 190.757101] Kernel panic - not syncing: Fatal exception in interrupt 109 [ 190.757101] Dumping ftrace buffer: 110 [ 190.757101] (ftrace buffer empty) 111 [ 190.757101] Kernel Offset: disabled 112 [ 190.757101] Rebooting in 86400 seconds.. 113
