From: syzbot <syzbot+f23da7c24d8bef5c18ac@syzkaller.appspotmail.com>
To: bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
	 linux-kernel@vger.kernel.org, linux-next@vger.kernel.org,
	mingo@redhat.com,  sfr@canb.auug.org.au,
	syzkaller-bugs@googlegroups.com, tglx@linutronix.de,
	 x86@kernel.org
Subject: [syzbot] [kernel?] linux-next test error: kernel BUG in init_IRQ
Date: Fri, 09 May 2025 04:05:24 -0700
Message-ID: <681de174.050a0220.a19a9.012d.GAE@google.com>

Hello,

syzbot found the following issue on:

HEAD commit:    ed61cb3d78d5 Add linux-next specific files for 20250509
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=167624d4580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=34d9647dd1e787db
dashboard link: https://syzkaller.appspot.com/bug?extid=f23da7c24d8bef5c18ac
compiler:       Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a58ec818f89c/disk-ed61cb3d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/47a111a53991/vmlinux-ed61cb3d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/904b8ca84d78/bzImage-ed61cb3d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f23da7c24d8bef5c18ac@syzkaller.appspotmail.com

CPU topo: Num. cores per package:     1
CPU topo: Num. threads per package:   2
CPU topo: Allowing 2 present CPUs plus 0 hotplug CPUs
PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff]
PM: hibernation: Registered nosave memory: [mem 0x0009f000-0x000fffff]
PM: hibernation: Registered nosave memory: [mem 0xbfffd000-0xffffffff]
[mem 0xc0000000-0xfffbbfff] available for PCI devices
Booting paravirtualized kernel on KVM
clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
setup_percpu: NR_CPUS:8 nr_cpumask_bits:2 nr_cpu_ids:2 nr_node_ids:2
percpu: Embedded 70 pages/cpu s246024 r8192 d32504 u1048576
kvm-guest: PV spinlocks enabled
PV qspinlock hash table entries: 256 (order: 0, 4096 bytes, linear)
Kernel command line: earlyprintk=serial net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 ima_policy=tcb nf-conntrack-ftp.ports=20000 nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000 nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000 binder.debug_mask=0 rcupdate.rcu_expedited=1 rcupdate.rcu_cpu_stall_cputime=1 no_hash_pointers page_owner=on sysctl.vm.nr_hugepages=4 sysctl.vm.nr_overcommit_hugepages=4 secretmem.enable=1 sysctl.max_rcu_stall_to_panic=1 msr.allow_writes=off coredump_filter=0xffff root=/dev/sda console=ttyS0 vsyscall=native numa=fake=2 kvm-intel.nested=1 spec_store_bypass_disable=prctl nopcid vivid.n_devs=64 vivid.multiplanar=1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2 netrom.nr_ndevs=32 rose.rose_ndevs=32 smp.csd_lock_timeout=100000 watchdog_thresh=55 workqueue.watchdog_thresh=140 sysctl.net.core.netdev_unregister_timeout_secs=140 dummy_hcd.num=32 max_loop=32 nbds_max=32 panic_on_warn
Unknown kernel command line parameters "spec_store_bypass_disable=prctl nbds_max=32 BOOT_IMAGE=/boot/bzImage", will be passed to user space.
random: crng init done
printk: log buffer data + meta data: 262144 + 917504 = 1179648 bytes
software IO TLB: area num 2.
Fallback order for Node 0: 0 1 
Fallback order for Node 1: 1 0 
Built 2 zonelists, mobility grouping on.  Total pages: 2097051
Policy zone: Normal
mem auto-init: stack:all(zero), heap alloc:on, heap free:off
stackdepot: allocating hash table via alloc_large_system_hash
stackdepot hash table entries: 1048576 (order: 12, 16777216 bytes, linear)
SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=2
allocated 167772160 bytes of page_ext
Node 0, zone      DMA: page owner found early allocated 0 pages
Node 0, zone    DMA32: page owner found early allocated 21222 pages
Node 0, zone   Normal: page owner found early allocated 0 pages
Node 1, zone   Normal: page owner found early allocated 19843 pages
Kernel/User page tables isolation: enabled
Dynamic Preempt: full
Running RCU self tests
Running RCU synchronous self tests
rcu: Preemptible hierarchical RCU implementation.
rcu: 	RCU lockdep checking is enabled.
rcu: 	RCU restricting CPUs from NR_CPUS=8 to nr_cpu_ids=2.
rcu: 	RCU callback double-/use-after-free debug is enabled.
rcu: 	RCU debug extended QS entry/exit.
	All grace periods are expedited (rcu_expedited).
	Trampoline variant of Tasks RCU enabled.
	Tracing variant of Tasks RCU enabled.
rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies.
rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2
Running RCU synchronous self tests
RCU Tasks: Setting shift to 1 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=2.
RCU Tasks Trace: Setting shift to 1 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=2.
NR_IRQS: 4352, nr_irqs: 440, preallocated irqs: 16
------------[ cut here ]------------
kernel BUG at arch/x86/kernel/irqinit.c:90!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.15.0-rc5-next-20250509-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
RIP: 0010:init_IRQ+0x1b7/0x1c0 arch/x86/kernel/irqinit.c:90
Code: 5d 41 5e 41 5f 5d 2e e9 27 13 9c fa 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a8 fe ff ff 48 89 df e8 2f c7 64 f2 e9 9b fe ff ff 90 <0f> 0b 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0000:ffffffff8ca07ee0 EFLAGS: 00010082
RAX: 00000000fffffff4 RBX: 0000000000000010 RCX: 0000000000000000
RDX: ffff888140403280 RSI: ffffffff8aa261c0 RDI: ffffffff8aa26180
RBP: 1ffffffff196c30c R08: ffffffff8d459fd3 R09: 1ffffffff1a8b3fa
R10: dffffc0000000000 R11: fffffbfff1a8b3fb R12: dffffc0000000000
R13: 0000004000000000 R14: ffffffff8cb61900 R15: ffff8880b8a22908
FS:  0000000000000000(0000) GS:ffff8881281a6000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88823ffff000 CR3: 000000000cb2e000 CR4: 00000000000000b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 start_kernel+0x1cb/0x400 init/main.c:1003
 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:308
 x86_64_start_kernel+0x66/0x70 arch/x86/kernel/head64.c:289
 common_startup_64+0x13e/0x147
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:init_IRQ+0x1b7/0x1c0 arch/x86/kernel/irqinit.c:90
Code: 5d 41 5e 41 5f 5d 2e e9 27 13 9c fa 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a8 fe ff ff 48 89 df e8 2f c7 64 f2 e9 9b fe ff ff 90 <0f> 0b 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0000:ffffffff8ca07ee0 EFLAGS: 00010082
RAX: 00000000fffffff4 RBX: 0000000000000010 RCX: 0000000000000000
RDX: ffff888140403280 RSI: ffffffff8aa261c0 RDI: ffffffff8aa26180
RBP: 1ffffffff196c30c R08: ffffffff8d459fd3 R09: 1ffffffff1a8b3fa
R10: dffffc0000000000 R11: fffffbfff1a8b3fb R12: dffffc0000000000
R13: 0000004000000000 R14: ffffffff8cb61900 R15: ffff8880b8a22908
FS:  0000000000000000(0000) GS:ffff8881281a6000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88823ffff000 CR3: 000000000cb2e000 CR4: 00000000000000b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup
