From: Yu Hao <yhao016@ucr.edu>
To: richard@nod.at, miquel.raynal@bootlin.com, vigneshr@ti.com,
	linux-mtd@lists.infradead.or, linux-kernel@vger.kernel.org
Subject: BUG: divide error in ubi_attach_mtd_dev
Date: Mon, 17 Apr 2023 22:10:42 -0700
Message-ID: <CA+UBctD_w=75wChmePZHp7KsBSNPWYGDBtzHPRPPtaFoqhGvXA@mail.gmail.com>

Hello,

We found the following issue using syzkaller on Linux v6.2.0.
The full report:
https://gist.github.com/ZHYfeng/a3e3ff2bdfea5ed5de5475f0b54d55cb

The brief report is below:

ubi: mtd0 is already attached to ubi0
ubi7: attaching mtd147
divide error: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 20023 Comm: syz-executor.0 Not tainted 6.2.0 #6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:mtd_div_by_eb include/linux/mtd/mtd.h:580 [inline]
RIP: 0010:io_init drivers/mtd/ubi/build.c:620 [inline]
RIP: 0010:ubi_attach_mtd_dev+0x77f/0x2fe0 drivers/mtd/ubi/build.c:955
Code: fc ff df 48 c1 ea 03 0f b6 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 1f 25 00 00 41 8b 4c 24 10 48 89 d8 31 d2 <48> f7 f1 48 89 c3 e8 b6 f3 1b fc 48 8d 85 40 17 00 00 48 89 c2 48
RSP: 0018:ffffc9000be0fd30 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff888047a49d40 RDI: 0000000000000002
RBP: ffff888024e1c000 R08: 0000000000000016 R09: fffff520017c1f47
R10: ffffc9000be0fa37 R11: fffff520017c1f46 R12: ffff88806545a000
R13: 0000000000000000 R14: ffff88806545a010 R15: 0000000000000007
FS:  00007fd45e85c700(0000) GS:ffff88802ca00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f64aeef53a4 CR3: 000000004f39a000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 ctrl_cdev_ioctl+0x303/0x3a0 drivers/mtd/ubi/cdev.c:1043
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x198/0x210 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fd45d6902fd
Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd45e85bc58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd45d7bbf60 RCX: 00007fd45d6902fd
RDX: 0000000020000000 RSI: 0000000040186f40 RDI: 0000000000000005
RBP: 00007fd45d6fec89 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff676814bf R14: 00007fff67681670 R15: 00007fd45e85bdc0
 </TASK>
