kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 3428 Comm: syz.7.838 Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:call_timer_fn+0x39/0x380 kernel/time/timer.c:1448
Code: ec 10 49 89 d4 49 89 f6 49 89 ff e8 61 d9 0e 00 65 8b 1d 06 e8 b1 7e 0f 1f 44 00 00 e8 50 d9 0e 00 81 e3 ff ff ff 7f 4c 89 ff <41> ff d6 0f 1f 44 00 00 e8 3a d9 0e 00 65 44 8b 3d de e7 b1 7e 41
RSP: 0000:ffff8881f6e09cf8 EFLAGS: 00010006
RAX: ffffffff8150a590 RBX: 0000000000000100 RCX: ffff8881ecccbf00
RDX: 0000000000000100 RSI: 80000001c3a3b163 RDI: ffff8881c3a1f1c0
RBP: ffff8881f6e09d30 R08: 0000000000000004 R09: 0000000000000003
R10: ffffed103edc1398 R11: 1ffff1103edc1398 R12: 00000000ffffba80
R13: dffffc0000000000 R14: 80000001c3a3b163 R15: ffff8881c3a1f1c0
FS: 00007f76691086c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000004 CR3: 00000001d3d02000 CR4: 00000000003406b0
DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
expire_timers kernel/time/timer.c:1488 [inline]
__run_timers+0x84b/0xb60 kernel/time/timer.c:1817
run_timer_softirq+0x6a/0xf0 kernel/time/timer.c:1830
__do_softirq+0x236/0x660 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:373 [inline]
irq_exit+0x197/0x1c0 kernel/softirq.c:413
exiting_irq arch/x86/include/asm/apic.h:539 [inline]
smp_apic_timer_interrupt+0x11d/0x490 arch/x86/kernel/apic/apic.c:1161
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:834
RIP: 0033:0x7ffee31d77f7
Code: 02 f3 90 45 8b 10 41 f6 c2 01 75 f5 41 8b 40 04 83 f8 02 74 17 83 f8 01 0f 85 46 01 00 00 0f 01 f9 66 90 48 c1 e2 20 48 09 c2 72 44 8b 1d 00 d8 ff ff f6 05 16 d8 ff ff 01 0f 84 24 01 00 00
RSP: 002b:00007f7669108018 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13
RAX: 0000000003efc70a RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000004003efc70a RSI: 00007f76691080b0 RDI: 0000000000000001
RBP: 00007f7669108040 R08: 00007ffee31d4080 R09: 00007ffee31d40b0
R10: 0000000000005616 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f766acc6fa0 R15: 00007ffee31bbaa8
Modules linked in:
---[ end trace 30609ce52080743e ]---
RIP: 0010:call_timer_fn+0x39/0x380 kernel/time/timer.c:1448
Code: ec 10 49 89 d4 49 89 f6 49 89 ff e8 61 d9 0e 00 65 8b 1d 06 e8 b1 7e 0f 1f 44 00 00 e8 50 d9 0e 00 81 e3 ff ff ff 7f 4c 89 ff <41> ff d6 0f 1f 44 00 00 e8 3a d9 0e 00 65 44 8b 3d de e7 b1 7e 41
RSP: 0000:ffff8881f6e09cf8 EFLAGS: 00010006
RAX: ffffffff8150a590 RBX: 0000000000000100 RCX: ffff8881ecccbf00
RDX: 0000000000000100 RSI: 80000001c3a3b163 RDI: ffff8881c3a1f1c0
RBP: ffff8881f6e09d30 R08: 0000000000000004 R09: 0000000000000003
R10: ffffed103edc1398 R11: 1ffff1103edc1398 R12: 00000000ffffba80
R13: dffffc0000000000 R14: 80000001c3a3b163 R15: ffff8881c3a1f1c0
FS: 00007f76691086c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000004 CR3: 00000001d3d02000 CR4: 00000000003406b0
DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
----------------
Reviewer note (not part of the kernel output): the trapping instruction below is `call *%r14`, and R14 (copied from RSI at offset 3) holds 0x80000001c3a3b163, which is a non-canonical x86-64 address (bit 63 set, bit 47 clear). That is why this is a #GP rather than a page fault, and the generic "NULL-ptr deref or user memory access" hint above does not apply: the second argument passed to call_timer_fn — presumably the timer callback pointer, to be confirmed against kernel/time/timer.c:1448 — is corrupted, while the first argument in RDI/R15 (0xffff8881c3a1f1c0) is still a plausible kernel pointer. CR2=0x4 is likely stale from an earlier fault and should not be read as the faulting address. Low bits 0x163 with bit 63 set resemble a page-table-entry layout, which may hint at what overwrote the field, but that is speculation; treat this as a likely memory-corruption/use-after-free of the timer object until the owning structure is identified.
Code disassembly (best guess), 2 bytes skipped:
0: 49 89 d4 mov %rdx,%r12
3: 49 89 f6 mov %rsi,%r14
6: 49 89 ff mov %rdi,%r15
9: e8 61 d9 0e 00 call 0xed96f
e: 65 8b 1d 06 e8 b1 7e mov %gs:0x7eb1e806(%rip),%ebx # 0x7eb1e81b
15: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
1a: e8 50 d9 0e 00 call 0xed96f
1f: 81 e3 ff ff ff 7f and $0x7fffffff,%ebx
25: 4c 89 ff mov %r15,%rdi
* 28: 41 ff d6 call *%r14 <-- trapping instruction
2b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
30: e8 3a d9 0e 00 call 0xed96f
35: 65 44 8b 3d de e7 b1 mov %gs:0x7eb1e7de(%rip),%r15d # 0x7eb1e81b
3c: 7e
3d: 41 rex.B