syzbot


BUG: unable to handle kernel NULL pointer dereference in handle_percpu_devid_irq

Status: moderation: reported on 2024/05/19 01:19
Subsystems: arm
Reported-by: syzbot+04d4ae04e291daaef555@syzkaller.appspotmail.com
First crash: 38d, last: 38d

Sample crash report:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
  ESR = 0x0000000086000005
  EC = 0x21: IABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
user pgtable: 4k pages, 48-bit VAs, pgdp=00000001288bf000
[0000000000000000] pgd=080000010e113003, p4d=080000010e113003, pud=0000000000000000
Internal error: Oops: 0000000086000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6257 Comm: syz-executor.3 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 004000c5 (nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : 0x0
lr : timer_handler drivers/clocksource/arm_arch_timer.c:674 [inline]
lr : arch_timer_handler_virt+0x74/0x88 drivers/clocksource/arm_arch_timer.c:685
sp : ffff800080007f30
x29: ffff800080007f30 x28: ffff0000c5e9dac0 x27: 0000000000000008
x26: ffff800093742cd0 x25: ffff80008f76a0c0 x24: dfff800000000000
x23: ffff80008f76a0e8 x22: ffff8000882cc31c x21: ffff0000c1086c00
x20: 0000000000000005 x19: ffff0001b3ddff40 x18: 1fffe000367b8996
x17: ffff800124fc3000 x16: ffff80008ae89e3c x15: 0000000000000001
x14: ffff80008eeb0668 x13: dfff800000000000 x12: 00000000222162d1
x11: 00000000cb470884 x10: 1fffe000367bbfe8 x9 : dfff800000000000
x8 : 0000000000000000 x7 : ffff8000803a9534 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : 0000000000000004 x0 : ffff0001b3ddff40
Call trace:
 0x0
 handle_percpu_devid_irq+0x174/0x308 kernel/irq/chip.c:942
 generic_handle_irq_desc include/linux/irqdesc.h:161 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:688 [inline]
 generic_handle_domain_irq+0x7c/0xc4 kernel/irq/irqdesc.c:744
 __gic_handle_irq drivers/irqchip/irq-gic-v3.c:771 [inline]
 __gic_handle_irq_from_irqson drivers/irqchip/irq-gic-v3.c:822 [inline]
 gic_handle_irq+0x6c/0x190 drivers/irqchip/irq-gic-v3.c:866
 call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:889
 do_interrupt_handler+0xd4/0x138 arch/arm64/kernel/entry-common.c:310
 __el1_irq arch/arm64/kernel/entry-common.c:536 [inline]
 el1_interrupt+0x34/0x68 arch/arm64/kernel/entry-common.c:551
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:556
 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:594
 __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline]
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
 _raw_spin_unlock_irqrestore+0x44/0x98 kernel/locking/spinlock.c:194
 kasan_quarantine_remove_cache+0x1c0/0x2a0 mm/kasan/quarantine.c:372
 kasan_cache_shutdown+0x24/0x34 mm/kasan/generic.c:212
 shutdown_cache mm/slab_common.c:454 [inline]
 kmem_cache_destroy+0x78/0x1b0 mm/slab_common.c:496
 bio_put_slab block/bio.c:155 [inline]
 bioset_exit+0x330/0x434 block/bio.c:1707
 bch2_fs_io_read_exit+0x70/0x80 fs/bcachefs/io_read.c:1203
 __bch2_fs_free fs/bcachefs/super.c:559 [inline]
 bch2_fs_release+0x1c4/0x56c fs/bcachefs/super.c:610
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x2a8/0x41c lib/kobject.c:737
 bch2_fs_free+0x288/0x2f0 fs/bcachefs/super.c:675
 bch2_kill_sb+0x48/0x58 fs/bcachefs/fs.c:2013
 deactivate_locked_super+0xc4/0x12c fs/super.c:472
 deactivate_super+0xe0/0x100 fs/super.c:505
 cleanup_mnt+0x34c/0x3dc fs/namespace.c:1267
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1274
 task_work_run+0x230/0x2e0 kernel/task_work.c:180
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 do_notify_resume+0x178/0x1f4 arch/arm64/kernel/entry-common.c:151
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
Code: ???????? ???????? ???????? ???????? (????????) 
---[ end trace 0000000000000000 ]---

Crashes (1):
Time: 2024/05/15 01:15
Kernel: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
Commit: fda5695d692c
Syzkaller: fdb4c10c
Config: .config
Log: console log
Report: report
Syz repro: none
C repro: none
VM info: info
Assets: disk image, vmlinux, kernel image
Manager: ci-upstream-gce-arm64
Title: BUG: unable to handle kernel NULL pointer dereference in handle_percpu_devid_irq