syzbot


linux-next boot error: general protection fault in add_mtd_device

Status: upstream: reported on 2022/06/30 09:32
Reported-by: syzbot+fe013f55a2814a9e8cfd@syzkaller.appspotmail.com
Fix commit: 7ec4cdb32173 mtd: core: check partition before dereference
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm32 ci-qemu2-riscv64 ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386]
First crash: 46d, last: 13d
Patch testing requests:
Created Duration User Patch Repo Result
2022/07/10 16:33 17m code@siddh.me https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master error
2022/07/07 16:10 17m code@siddh.me https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master error

Sample crash report:
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 240)
io scheduler mq-deadline registered
io scheduler kyber registered
io scheduler bfq registered
input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
ACPI: button: Power Button [PWRF]
input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
ACPI: button: Sleep Button [SLPF]
ACPI: \_SB_.LNKC: Enabled at IRQ 11
virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver
ACPI: \_SB_.LNKD: Enabled at IRQ 10
virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver
ACPI: \_SB_.LNKB: Enabled at IRQ 10
virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver
virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver
N_HDLC line discipline registered with maxframe=4096
Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
Non-volatile memory driver v1.3
Linux agpgart interface v0.103
ACPI: bus type drm_connector registered
[drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
[drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
Console: switching to colour frame buffer device 128x48
platform vkms: [drm] fb0: vkmsdrmfb frame buffer device
usbcore: registered new interface driver udl
brd: module loaded
loop: module loaded
zram: Added device: zram0
null_blk: disk nullb0 created
null_blk: module loaded
Guest personality initialized and is inactive
VMCI host device registered (name=vmci, major=10, minor=120)
Initialized host personality
usbcore: registered new interface driver rtsx_usb
usbcore: registered new interface driver viperboard
usbcore: registered new interface driver dln2
usbcore: registered new interface driver pn533_usb
nfcsim 0.2 initialized
usbcore: registered new interface driver port100
usbcore: registered new interface driver nfcmrvl
Loading iSCSI transport class v2.0-870.
scsi host0: Virtio SCSI HBA
st: Version 20160209, fixed bufsize 32768, s/g segs 256
Rounding down aligned max_sectors from 4294967295 to 4294967288
db_root: cannot open: /etc/target
slram: not enough parameters.
general protection fault, probably for non-canonical address 0xdffffc00000000ac: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000560-0x0000000000000567]
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc8-next-20220728-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
RIP: 0010:dev_of_node include/linux/device.h:862 [inline]
RIP: 0010:mtd_check_of_node drivers/mtd/mtdcore.c:563 [inline]
RIP: 0010:add_mtd_device+0xbc8/0x1520 drivers/mtd/mtdcore.c:721
Code: 48 81 fd 60 fe ff ff 0f 84 90 fd ff ff e8 30 67 99 fc 48 8d bd 60 05 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 da 08 00 00 48 8b ad 60 05 00 00 48 85 ed 0f 84
RSP: 0000:ffffc90000067c98 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff88801f574000 RCX: 0000000000000000
RDX: 00000000000000ac RSI: ffffffff84e29ff0 RDI: 0000000000000560
RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000000
R10: ffffffff89e00000 R11: 0000000000000000 R12: ffff88801f574004
R13: ffff88801f574028 R14: 0000000000000000 R15: 0000000005a00000
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88823ffff000 CR3: 000000000bc8e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 mtd_device_parse_register+0x50c/0x850 drivers/mtd/mtdcore.c:1032
 mtdram_init_device+0x291/0x350 drivers/mtd/devices/mtdram.c:146
 init_mtdram+0xe5/0x177 drivers/mtd/devices/mtdram.c:171
 do_one_initcall+0xfe/0x650 init/main.c:1299
 do_initcall_level init/main.c:1374 [inline]
 do_initcalls init/main.c:1390 [inline]
 do_basic_setup init/main.c:1409 [inline]
 kernel_init_freeable+0x6b1/0x73a init/main.c:1616
 kernel_init+0x1a/0x1d0 init/main.c:1505
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:dev_of_node include/linux/device.h:862 [inline]
RIP: 0010:mtd_check_of_node drivers/mtd/mtdcore.c:563 [inline]
RIP: 0010:add_mtd_device+0xbc8/0x1520 drivers/mtd/mtdcore.c:721
Code: 48 81 fd 60 fe ff ff 0f 84 90 fd ff ff e8 30 67 99 fc 48 8d bd 60 05 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 da 08 00 00 48 8b ad 60 05 00 00 48 85 ed 0f 84
RSP: 0000:ffffc90000067c98 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff88801f574000 RCX: 0000000000000000
RDX: 00000000000000ac RSI: ffffffff84e29ff0 RDI: 0000000000000560
RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000000
R10: ffffffff89e00000 R11: 0000000000000000 R12: ffff88801f574004
R13: ffff88801f574028 R14: 0000000000000000 R15: 0000000005a00000
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88823ffff000 CR3: 000000000bc8e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	48 81 fd 60 fe ff ff 	cmp    $0xfffffffffffffe60,%rbp
   7:	0f 84 90 fd ff ff    	je     0xfffffd9d
   d:	e8 30 67 99 fc       	callq  0xfc996742
  12:	48 8d bd 60 05 00 00 	lea    0x560(%rbp),%rdi
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 da 08 00 00    	jne    0x90e
  34:	48 8b ad 60 05 00 00 	mov    0x560(%rbp),%rbp
  3b:	48 85 ed             	test   %rbp,%rbp
  3e:	0f                   	.byte 0xf
  3f:	84                   	.byte 0x84

Crashes (117):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-linux-next-kasan-gce-root 2022/08/02 12:37 linux-next 7c5e07b73ff3 1c9013ac .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/29 11:03 linux-next 7c5e07b73ff3 fef302b1 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/28 11:41 linux-next 7c5e07b73ff3 fb95c74d .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/27 18:41 linux-next 9250d2f72dc4 fb95c74d .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/27 12:35 linux-next 9250d2f72dc4 da9d0366 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/27 06:03 linux-next 058affafc65a da9d0366 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/27 06:02 linux-next 058affafc65a da9d0366 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/26 16:25 linux-next 058affafc65a 34795c51 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/26 02:06 linux-next 668af1b65488 34795c51 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/25 11:48 linux-next 668af1b65488 664c519c .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/25 09:36 linux-next 18c107a1f120 664c519c .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/22 11:42 linux-next 18c107a1f120 22343af4 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/21 20:53 linux-next a3fd3ca134d9 5e6028b9 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/21 11:18 linux-next a3fd3ca134d9 6e67af9d .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/21 07:28 linux-next 4ee7eaa411ee 6e67af9d .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/20 18:45 linux-next 4ee7eaa411ee 775344bc .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/20 00:30 linux-next 3b87ed7ea4d5 775344bc .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/19 12:25 linux-next 3b87ed7ea4d5 72a3cc0c .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/19 12:07 linux-next 3b87ed7ea4d5 ff988920 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/18 12:44 linux-next 036ad6daa8f0 ff988920 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/18 11:20 linux-next 036ad6daa8f0 95cb00d1 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/15 18:07 linux-next 6014cfa5bf32 95cb00d1 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/15 13:10 linux-next 6014cfa5bf32 5d921b08 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/14 09:41 linux-next 37b355fdaf31 5d921b08 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/13 07:19 linux-next 734339e5c1c4 5d921b08 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/13 07:19 linux-next 734339e5c1c4 5d921b08 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/12 14:42 linux-next 734339e5c1c4 d91dd8ea .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/12 14:42 linux-next 734339e5c1c4 d91dd8ea .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/12 14:42 linux-next 734339e5c1c4 d91dd8ea .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/12 13:58 linux-next 734339e5c1c4 da3d6955 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/12 13:58 linux-next 734339e5c1c4 da3d6955 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/12 13:58 linux-next 734339e5c1c4 da3d6955 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/11 11:40 linux-next 4112a8699ae2 da3d6955 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/11 11:40 linux-next 4112a8699ae2 da3d6955 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/11 11:40 linux-next 4112a8699ae2 da3d6955 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/11 10:42 linux-next f2528c293858 da3d6955 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/11 10:42 linux-next f2528c293858 da3d6955 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/11 10:42 linux-next f2528c293858 da3d6955 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/08 14:20 linux-next f2528c293858 b5765a15 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/08 14:20 linux-next f2528c293858 b5765a15 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/08 14:20 linux-next f2528c293858 b5765a15 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/08 13:31 linux-next f2528c293858 bff65f44 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/08 13:31 linux-next f2528c293858 bff65f44 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/08 13:31 linux-next f2528c293858 bff65f44 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/07 13:02 linux-next 75d7bf5eae27 bff65f44 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/07 13:02 linux-next 75d7bf5eae27 bff65f44 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/07 13:02 linux-next 75d7bf5eae27 bff65f44 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/06 12:07 linux-next 088b9c375534 bff65f44 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/07/06 12:07 linux-next 088b9c375534 bff65f44 .config log report linux-next boot error: general protection fault in add_mtd_device
ci-upstream-linux-next-kasan-gce-root 2022/06/30 08:05 linux-next 6cc11d2a1759 1434eec0 .config log report linux-next boot error: general protection fault in add_mtd_device