From: syzbot <syzbot+a546141ca6d53b90aba3@syzkaller.appspotmail.com>
To: andrew+netdev@lunn.ch, davem@davemloft.net, edumazet@google.com,
kuba@kernel.org, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org, pabeni@redhat.com,
richardcochran@gmail.com, syzkaller-bugs@googlegroups.com
Subject: [syzbot] [net?] BUG: unable to handle kernel NULL pointer dereference in pc_clock_settime
Date: Wed, 29 Oct 2025 11:03:31 -0700
Message-ID: <690256f3.050a0220.32483.0219.GAE@google.com>
Hello,
syzbot found the following issue on:
HEAD commit: b98c94eed4a9 arm64: mte: Do not warn if the page is alread..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=11260e14580000
kernel config: https://syzkaller.appspot.com/x/.config?x=158bd6857eb7a550
dashboard link: https://syzkaller.appspot.com/bug?extid=a546141ca6d53b90aba3
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2c82e514449b/disk-b98c94ee.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a322ed38c368/vmlinux-b98c94ee.xz
kernel image: https://storage.googleapis.com/syzbot-assets/059db7d7114e/Image-b98c94ee.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a546141ca6d53b90aba3@syzkaller.appspotmail.com
Unable to handle kernel NULL pointer dereferenc
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
ESR = 0x0000000086000006
EC = 0x21: IABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000133ddc000
[0000000000000000] pgd=0800000105883403, p4d=0800000105883403, pud=0800000127709403, pmd=0000000000000000
Internal error: Oops: 0000000086000006 [#1] SMP
Modules linked in:
CPU: 1 UID: 0 PID: 7008 Comm: syz.4.69 Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 83400805 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=-c)
pc : 0x0
lr : ptp_clock_settime+0x148/0x264 drivers/ptp/ptp_clock.c:107
sp : ffff8000a2957c40
x29: ffff8000a2957c40 x28: ffff0000cbad5c40 x27: 00000000fffffffb
x26: 1fffe0001975ab88 x25: 000000003b9aca00 x24: dfff800000000000
x23: 00000001ed5d7404 x22: 0000000000989680 x21: 0000000000000000
x20: ffff0000cca30600 x19: ffff8000a2957d00 x18: 00000000ffffffff
x17: ffff800093305000 x16: ffff800082de95c8 x15: 0000000000000001
x14: 1ffff0001452af70 x13: 0000000000000000 x12: 0000000000000000
x11: ffff70001452af71 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 0000000000000000 x7 : ffff8000877add70 x6 : 0000000000000000
x5 : ffff800093586d90 x4 : 0000000000000002 x3 : ffff80008adffef8
x2 : 0000000000000001 x1 : ffff8000a2957d00 x0 : ffff0000cca30600
Call trace:
0x0 (P)
pc_clock_settime+0x224/0x298 kernel/time/posix-clock.c:304
__do_sys_clock_settime kernel/time/posix-timers.c:1131 [inline]
__se_sys_clock_settime kernel/time/posix-timers.c:1115 [inline]
__arm64_sys_clock_settime+0x208/0x254 kernel/time/posix-timers.c:1115
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x1e0/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x5c/0x254 arch/arm64/kernel/entry-common.c:746
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:765
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup