From: sanan.hasanou@gmail.com
To: efremov@linux.com, axboe@kernel.dk, linux-block@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: syzkaller@googlegroups.com, contact@pgazz.com
Subject: general protection fault in reset_interrupt
Date: Fri, 26 Jun 2026 14:29:30 -0700 (PDT)
Message-ID: <6a3eef3a.e743daa7.24bfe1.c86e@mx.google.com>
Good day, dear maintainers,
We found a bug using a modified version of syzkaller.
Kernel Branch: 7.0-rc1
Kernel Config: <https://drive.google.com/open?id=1pfjd_xagvCCoLD4kK7OQIvvdEBYpavwn>
Unfortunately, we don't have any reproducer for this bug yet.
Thank you!
Best regards,
Sanan Hasanov
floppy0: floppy_shutdown: timeout handler died.
floppy0: get result error. Fdc=0 Last status=ffffffff Read bytes=0
floppy driver state
-------------------
now=4294939504 last interrupt=4294939495 diff=9 last called handler=reset_interrupt
timeout_message=do wakeup
last output bytes:
0 0 0
0 0 0
0 0 0
0 0 0
0 0 0
0 0 0
8 80 4294938128
8 80 4294938128
8 80 4294938128
8 80 4294938128
e 80 4294938128
13 80 4294938128
0 90 4294938128
1a 90 4294938128
0 90 4294938128
12 80 4294938128
0 90 4294938128
14 80 4294938128
18 80 4294938128
8 80 4294939495
last result at 4294939495
last redo_fd_request at 4294939495
status=d0
fdc_busy=0
cont=0000000000000000
current_req=0000000000000000
command_status=-1
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 UID: 0 PID: 39 Comm: kworker/u8:3 Not tainted 7.0.0-rc1 #1 PREEMPT(full)
Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: floppy floppy_work_workfn
RIP: 0010:reset_interrupt+0x136/0x1b0 drivers/block/floppy.c:1790
Code: 62 8d 48 c7 c2 60 ff b9 8b e8 86 98 22 fb e9 3e ff ff ff e8 9c 23 c7 fb 48 8b 1d c5 52 d5 0d 48 83 c3 10 48 89 d8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 df e8 6b d4 32 fc 48 8b 33 48 c7 c7 80
RSP: 0018:ffffc90000297ab0 EFLAGS: 00010212
RAX: 0000000000000002 RBX: 0000000000000010 RCX: ffff888015b53a00
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
RBP: ffffc90000297ac0 R08: ffffffff8f76bd77 R09: 1ffffffff1eed7ae
R10: dffffc0000000000 R11: fffffbfff1eed7af R12: ffff888015718818
R13: ffffffff819609fe R14: dffffc0000000000 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880dbbbb000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000000db2b000 CR4: 00000000000006f0
Call Trace:
<TASK>
floppy_work_workfn+0x18/0x20 drivers/block/floppy.c:993
process_one_work kernel/workqueue.c:3275 [inline]
process_scheduled_works+0xa30/0x13d0 kernel/workqueue.c:3358
worker_thread+0xacb/0x1060 kernel/workqueue.c:3439
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x5e4/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:245
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:reset_interrupt+0x136/0x1b0 drivers/block/floppy.c:1790
Code: 62 8d 48 c7 c2 60 ff b9 8b e8 86 98 22 fb e9 3e ff ff ff e8 9c 23 c7 fb 48 8b 1d c5 52 d5 0d 48 83 c3 10 48 89 d8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 df e8 6b d4 32 fc 48 8b 33 48 c7 c7 80
RSP: 0018:ffffc90000297ab0 EFLAGS: 00010212
RAX: 0000000000000002 RBX: 0000000000000010 RCX: ffff888015b53a00
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
RBP: ffffc90000297ac0 R08: ffffffff8f76bd77 R09: 1ffffffff1eed7ae
R10: dffffc0000000000 R11: fffffbfff1eed7af R12: ffff888015718818
R13: ffffffff819609fe R14: dffffc0000000000 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880dbbbb000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000000db2b000 CR4: 00000000000006f0
----------------
Code disassembly (best guess), 1 bytes skipped:
0: 8d 48 c7 lea -0x39(%rax),%ecx
3: c2 60 ff ret $0xff60
6: b9 8b e8 86 98 mov $0x9886e88b,%ecx
b: 22 fb and %bl,%bh
d: e9 3e ff ff ff jmp 0xffffff50
12: e8 9c 23 c7 fb call 0xfbc723b3
17: 48 8b 1d c5 52 d5 0d mov 0xdd552c5(%rip),%rbx # 0xdd552e3
1e: 48 83 c3 10 add $0x10,%rbx
22: 48 89 d8 mov %rbx,%rax
25: 48 c1 e8 03 shr $0x3,%rax
* 29: 42 80 3c 30 00 cmpb $0x0,(%rax,%r14,1) <-- trapping instruction
2e: 74 08 je 0x38
30: 48 89 df mov %rbx,%rdi
33: e8 6b d4 32 fc call 0xfc32d4a3
38: 48 8b 33 mov (%rbx),%rsi
3b: 48 rex.W
3c: c7 .byte 0xc7
3d: c7 .byte 0xc7
3e: 80 .byte 0x80
<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>
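Triage note on the oops above, with an added example that is not part of the report or of the kernel sources. The trapping instruction `cmpb $0x0,(%rax,%r14,1)` is the KASAN shadow lookup: the preceding instructions load a RIP-relative global pointer into %rbx, add 0x10, and shift right by 3, and %r14 holds 0xdffffc0000000000, the x86_64 KASAN_SHADOW_OFFSET. With %rbx = 0x10 the shadow address comes out as 0xdffffc0000000002, exactly the "non-canonical address" the oops names, so the kernel was dereferencing a NULL pointer at field offset 0x10; the driver state dump's `cont=0000000000000000` is the obvious candidate, though confirming which pointer needs drivers/block/floppy.c at the reported line. The C program below redoes that arithmetic from the register values and reproduces the report's `null-ptr-deref in range [0x10-0x17]` line and its #GP-versus-#PF distinction. PAGE_SIZE = 4096 and TASK_SIZE = 0x7ffffffff000 are assumed standard x86_64 values not stated on the page; the 4-level paging assumption behind the 48-bit canonical check is consistent with CR4 = 0x6f0 (LA57, bit 12, clear).

```c
/*
 * Added example, not part of the report above: decode the KASAN shadow
 * lookup that faulted back to the address reset_interrupt() was about
 * to dereference, and reproduce the oops' summary lines from the raw
 * register values.
 *
 * Facts used (all visible in the report):
 *   - trapping instruction: cmpb $0x0,(%rax,%r14,1)   (the shadow check)
 *   - %r14 = 0xdffffc0000000000 = KASAN_SHADOW_OFFSET on x86_64
 *   - %rax = %rbx >> 3, %rbx = 0x10 (NULL global pointer + field offset)
 *   - CR4 = 0x6f0: LA57 (bit 12) clear, so 4-level paging, 48-bit VA
 *
 * Assumptions (standard x86_64 values, not stated on the page):
 *   PAGE_SIZE = 4096, TASK_SIZE = 0x7ffffffff000, 8-byte KASAN granules.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KASAN_SHADOW_OFFSET   0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE    3                 /* 8 bytes of memory -> 1 shadow byte */
#define KASAN_GRANULE         (1ULL << KASAN_SHADOW_SCALE)
#define PAGE_SIZE_ASSUMED     4096ULL           /* assumption */
#define TASK_SIZE_ASSUMED     0x7ffffffff000ULL /* assumption: x86_64, 4-level paging */

/* Kernel address -> address of its shadow byte (what %rax + %r14 computes). */
uint64_t kasan_shadow_addr(uint64_t addr)
{
	return (addr >> KASAN_SHADOW_SCALE) + KASAN_SHADOW_OFFSET;
}

/* Inverse: shadow byte address -> first kernel address it describes. */
uint64_t kasan_unshadow(uint64_t shadow)
{
	return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE;
}

/* First and last byte of the 8-byte granule containing addr. */
uint64_t kasan_granule_start(uint64_t addr) { return addr & ~(KASAN_GRANULE - 1); }
uint64_t kasan_granule_end(uint64_t addr)   { return kasan_granule_start(addr) + KASAN_GRANULE - 1; }

/*
 * Classification KASAN applies to an access outside tracked memory:
 * below PAGE_SIZE it is a NULL dereference through a small field offset.
 */
const char *kasan_wild_bug_type(uint64_t addr)
{
	if (addr < PAGE_SIZE_ASSUMED)
		return "null-ptr-deref";
	if (addr < TASK_SIZE_ASSUMED)
		return "user-memory-access";
	return "wild-memory-access";
}

/*
 * 48-bit canonical check: bits 63..47 must all be equal. A non-canonical
 * address raises #GP rather than #PF, which is why the oops reads
 * "general protection fault" and CR2 stays 0 instead of holding the
 * faulting address.
 */
bool is_canonical48(uint64_t addr)
{
	uint64_t top = addr >> 47;
	return top == 0 || top == 0x1ffff;
}

int main(void)
{
	const uint64_t gp_addr = 0xdffffc0000000002ULL; /* "probably for non-canonical address" */
	const uint64_t rbx     = 0x10;                  /* RBX from the register dump */
	uint64_t real = kasan_unshadow(gp_addr);

	printf("shadow %#llx -> real %#llx (%s)\n",
	       (unsigned long long)gp_addr, (unsigned long long)real,
	       is_canonical48(gp_addr) ? "canonical" : "non-canonical, hence #GP");
	printf("rbx %#llx -> shadow %#llx (matches the GP address: %s)\n",
	       (unsigned long long)rbx, (unsigned long long)kasan_shadow_addr(rbx),
	       kasan_shadow_addr(rbx) == gp_addr ? "yes" : "no");
	printf("KASAN: %s in range [%#018llx-%#018llx]\n",
	       kasan_wild_bug_type(real),
	       (unsigned long long)kasan_granule_start(real),
	       (unsigned long long)kasan_granule_end(real));
	return 0;
}
```

Build with `cc -std=c11 -Wall kasan_decode.c -o kasan_decode` and run it without arguments; the last line it prints is the report's `KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]`. The same two functions apply to any x86_64 generic-KASAN oops whose "non-canonical address" starts with 0xdffffc: subtract the offset and shift left by 3 to recover the pointer the code actually used, then compare it against the register dump to see which register held the bad pointer.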
Thread overview:
2026-06-26 21:29 sanan.hasanou [this message]
-- strict thread matches above, loose matches on Subject: below --
2023-09-12 23:03 general protection fault in reset_interrupt Sanan Hasanov
2023-09-13 2:13 ` Jens Axboe
2021-10-27 1:36 Hao Sun