Hello,

syzbot found the following issue on:

HEAD commit:    6cc11d2a1759 Add linux-next specific files for 20220630
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1640f850080000
kernel config:  https://syzkaller.appspot.com/x/.config?x=54f75b620e3845dd
dashboard link: https://syzkaller.appspot.com/bug?extid=fe013f55a2814a9e8cfd
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+fe013f55a2814a9e8cfd@xxxxxxxxxxxxxxxxxxxxxxxxx

Block layer SCSI generic (bsg) driver version 0.4 loaded (major 240)
io scheduler mq-deadline registered
io scheduler kyber registered
io scheduler bfq registered
input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
ACPI: button: Power Button [PWRF]
input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
ACPI: button: Sleep Button [SLPF]
ACPI: \_SB_.LNKC: Enabled at IRQ 11
virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver
ACPI: \_SB_.LNKD: Enabled at IRQ 10
virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver
ACPI: \_SB_.LNKB: Enabled at IRQ 10
virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver
virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver
N_HDLC line discipline registered with maxframe=4096
Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
Non-volatile memory driver v1.3
Linux agpgart interface v0.103
ACPI: bus type drm_connector registered
[drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
[drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
Console: switching to colour frame buffer device 128x48
platform vkms: [drm] fb0: vkmsdrmfb frame buffer device
usbcore: registered new interface driver udl
brd: module loaded
loop: module loaded
zram: Added device: zram0
null_blk: disk nullb0 created
null_blk: module loaded
Guest personality initialized and is inactive
VMCI host device registered (name=vmci, major=10, minor=119)
Initialized host personality
usbcore: registered new interface driver rtsx_usb
usbcore: registered new interface driver viperboard
usbcore: registered new interface driver dln2
usbcore: registered new interface driver pn533_usb
nfcsim 0.2 initialized
usbcore: registered new interface driver port100
usbcore: registered new interface driver nfcmrvl
Loading iSCSI transport class v2.0-870.
scsi host0: Virtio SCSI HBA
st: Version 20160209, fixed bufsize 32768, s/g segs 256
Rounding down aligned max_sectors from 4294967295 to 4294967288
db_root: cannot open: /etc/target
slram: not enough parameters.
general protection fault, probably for non-canonical address 0xdffffc00000000ac: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000560-0x0000000000000567]
CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc4-next-20220630-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2022
RIP: 0010:dev_of_node include/linux/device.h:862 [inline]
RIP: 0010:mtd_check_of_node drivers/mtd/mtdcore.c:563 [inline]
RIP: 0010:add_mtd_device+0xbc8/0x1520 drivers/mtd/mtdcore.c:721
Code: 48 81 fd 60 fe ff ff 0f 84 90 fd ff ff e8 b0 10 97 fc 48 8d bd 60 05 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 da 08 00 00 48 8b ad 60 05 00 00 48 85 ed 0f 84
RSP: 0000:ffffc90000067c98 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff88801ebf2000 RCX: 0000000000000000
RDX: 00000000000000ac RSI: ffffffff84e3a650 RDI: 0000000000000560
RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000000
R10: ffffffff89c00000 R11: 0000000000000001 R12: ffff88801ebf2004
R13: ffff88801ebf2028 R14: 0000000000000000 R15: 0000000005a00000
FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000000ba8e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 mtd_device_parse_register+0x50c/0x850 drivers/mtd/mtdcore.c:1032
 mtdram_init_device+0x291/0x350 drivers/mtd/devices/mtdram.c:146
 init_mtdram+0xe5/0x177 drivers/mtd/devices/mtdram.c:171
 do_one_initcall+0xfe/0x650 init/main.c:1300
 do_initcall_level init/main.c:1375 [inline]
 do_initcalls init/main.c:1391 [inline]
 do_basic_setup init/main.c:1410 [inline]
 kernel_init_freeable+0x6b1/0x73a init/main.c:1617
 kernel_init+0x1a/0x1d0 init/main.c:1506
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:dev_of_node include/linux/device.h:862 [inline]
RIP: 0010:mtd_check_of_node drivers/mtd/mtdcore.c:563 [inline]
RIP: 0010:add_mtd_device+0xbc8/0x1520 drivers/mtd/mtdcore.c:721
Code: 48 81 fd 60 fe ff ff 0f 84 90 fd ff ff e8 b0 10 97 fc 48 8d bd 60 05 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 da 08 00 00 48 8b ad 60 05 00 00 48 85 ed 0f 84
RSP: 0000:ffffc90000067c98 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff88801ebf2000 RCX: 0000000000000000
RDX: 00000000000000ac RSI: ffffffff84e3a650 RDI: 0000000000000560
RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000000
R10: ffffffff89c00000 R11: 0000000000000001 R12: ffff88801ebf2004
R13: ffff88801ebf2028 R14: 0000000000000000 R15: 0000000005a00000
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88823ffff000 CR3: 000000000ba8e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	48 81 fd 60 fe ff ff 	cmp    $0xfffffffffffffe60,%rbp
   7:	0f 84 90 fd ff ff    	je     0xfffffd9d
   d:	e8 b0 10 97 fc       	callq  0xfc9710c2
  12:	48 8d bd 60 05 00 00 	lea    0x560(%rbp),%rdi
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 da 08 00 00    	jne    0x90e
  34:	48 8b ad 60 05 00 00 	mov    0x560(%rbp),%rbp
  3b:	48 85 ed             	test   %rbp,%rbp
  3e:	0f                   	.byte 0xf
  3f:	84                   	.byte 0x84


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
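The following is an added worked example, not part of the syzbot report and not kernel code: it decodes the fault in the report above by hand. The disassembly shows the generic-KASAN instrumentation sequence: `lea 0x560(%rbp),%rdi` forms the address of a field at offset 0x560 from the base in %rbp, `shr $0x3` and the add of %rax (0xdffffc0000000000, the x86-64 KASAN shadow offset) turn that address into its shadow byte, and `cmpb $0x0,(%rdx,%rax,1)` reads the shadow. %rbp is 0 in the register dump, so the accessed address is 0x560 and its shadow, 0xdffffc00000000ac, is non-canonical, which is why the CPU raises #GP rather than a page fault and why the kernel prints "null-ptr-deref in range [0x560-0x567]". The constants below (shadow offset, scale shift 3, 48-bit canonical check, 4096-byte "looks like NULL" threshold) are assumptions stated in the code, matching the values visible in the report rather than read from a kernel header.

```c
/* Added example (not kernel code): decode a generic-KASAN GPF report.
 *
 * On x86-64 with CONFIG_KASAN (generic mode) every memory access is
 * instrumented as: shadow = (addr >> 3) + KASAN_SHADOW_OFFSET, then a
 * byte load from shadow. One shadow byte covers an 8-byte granule.
 * For an access through a NULL base, shadow falls in the non-canonical
 * hole, so the CPU raises #GP before any real memory is touched. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed constants: the x86-64 defaults, and the value loaded into %rax
 * by the movabs in the report's disassembly. */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_GRANULE            (1ULL << KASAN_SHADOW_SCALE_SHIFT)
#define NULL_DEREF_LIMIT         4096ULL  /* assumed: first page == NULL + offset */

/* x86-64 4-level paging: bits 63..47 of a canonical address are all equal. */
static bool is_canonical48(uint64_t addr)
{
    uint64_t top17 = addr >> 47;
    return top17 == 0 || top17 == 0x1ffff;
}

/* addr -> shadow: what "mov %rdi,%rdx; shr $0x3,%rdx; (%rdx,%rax,1)" computes. */
static uint64_t kasan_mem_to_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* shadow -> first byte of the 8-byte granule it covers (the inverse the
 * kernel applies to print the "null-ptr-deref in range" line). */
static uint64_t kasan_shadow_to_mem(uint64_t shadow)
{
    return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

struct deref_range { uint64_t lo, hi; };

/* Recover the accessed granule from the "non-canonical address" of the GPF. */
static struct deref_range kasan_gpf_to_range(uint64_t fault_addr)
{
    struct deref_range r;
    r.lo = kasan_shadow_to_mem(fault_addr);
    r.hi = r.lo + KASAN_GRANULE - 1;
    return r;
}

/* Heuristic: a non-canonical fault whose recovered address lies inside the
 * first page is the signature of "field at small offset through NULL". */
static bool looks_like_null_deref(uint64_t fault_addr)
{
    if (is_canonical48(fault_addr) || fault_addr < KASAN_SHADOW_OFFSET)
        return false;
    return kasan_shadow_to_mem(fault_addr) < NULL_DEREF_LIMIT;
}

/* Replays the instrumented lea/shr/cmpb from the report for a given base. */
static uint64_t shadow_probe_for_field(uint64_t base_reg, uint64_t field_off)
{
    return kasan_mem_to_shadow(base_reg + field_off);
}

int main(void)
{
    /* Values copied from the report above. */
    const uint64_t gpf_addr  = 0xdffffc00000000acULL; /* GPF line          */
    const uint64_t rbp       = 0x0ULL;                /* RBP in register dump */
    const uint64_t field_off = 0x560ULL;              /* lea 0x560(%rbp)   */

    struct deref_range r = kasan_gpf_to_range(gpf_addr);
    printf("shadow %#llx -> accessed range [%#llx-%#llx], null-deref=%s\n",
           (unsigned long long)gpf_addr, (unsigned long long)r.lo,
           (unsigned long long)r.hi,
           looks_like_null_deref(gpf_addr) ? "yes" : "no");

    uint64_t probe = shadow_probe_for_field(rbp, field_off);
    printf("lea %#llx(%%rbp=%#llx) -> shadow probe %#llx (%s)\n",
           (unsigned long long)field_off, (unsigned long long)rbp,
           (unsigned long long)probe,
           is_canonical48(probe) ? "canonical" : "non-canonical, #GP");
    return 0;
}
```

The same decode applies to any "general protection fault, probably for non-canonical address 0xdffffc00..." line from an x86-64 KASAN kernel: subtract the shadow offset, shift left by three, and the result is the address the instrumented instruction was about to dereference; if it is a small number, look for the register the faulting instruction uses as a base and expect it to be zero.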