syzbot


BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection

Status: fixed on 2021/04/19 07:11
Reported-by: syzbot+635417e3213fd6ab42dd@syzkaller.appspotmail.com
Fix commit: 534d2cf487b9 usbip: synchronize event handler with sysfs code paths
First crash: 1435d, last: 1345d
Fix bisection: fixed by:
commit 534d2cf487b972b2c039bfc55898a7edc2b0ea45
Author: Shuah Khan <skhan@linuxfoundation.org>
Date: Tue Mar 30 01:36:51 2021 +0000

  usbip: synchronize event handler with sysfs code paths

  
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: null-ptr-deref Write in vhci_shutdown_connection usb C unreliable 3322 1346d 1431d 28/28 closed as dup on 2021/01/20 03:12
linux-4.19 KASAN: null-ptr-deref Write in vhci_shutdown_connection syz done 498 1254d 1435d 1/1 fixed on 2021/07/19 10:10

Sample crash report:
vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
vhci_hcd: disconnect device
vhci_hcd: connection closed
vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
BUG: unable to handle kernel NULL pointer dereference at 000000000000001c
vhci_hcd: connection closed
IP: atomic_inc arch/x86/include/asm/atomic.h:92 [inline]
IP: kthread_stop+0x47/0x640 kernel/kthread.c:550
PGD b50af067 P4D b50af067 
vhci_hcd: connection closed
PUD b55d8067 PMD 0 
Oops: 0002 [#1] PREEMPT SMP KASAN
Modules linked in:
vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
CPU: 0 PID: 2862 Comm: kworker/u4:4 Not tainted 4.14.223-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usbip_event event_handler
task: ffff8880ac12e200 task.stack: ffff8880ac178000
vhci_hcd: connection closed
RIP: 0010:atomic_inc arch/x86/include/asm/atomic.h:92 [inline]
RIP: 0010:kthread_stop+0x47/0x640 kernel/kthread.c:550
RSP: 0018:ffff8880ac17fc70 EFLAGS: 00010297
RAX: ffff8880ac12e200 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000286
vhci_hcd: connection closed
RBP: fffffffffffffffc R08: ffffffff8b9a1558 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888237d549d8
R13: ffff888237d549c8 R14: fffffbfff1924338 R15: ffffffff898585c0
FS:  0000000000000000(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000001c CR3: 00000000b487b000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vhci_shutdown_connection+0x12a/0x240 drivers/usb/usbip/vhci_hcd.c:1037
 event_handler+0x1c3/0x4a0 drivers/usb/usbip/usbip_event.c:92
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: 00 65 8b 1d 6c 2b ca 7e 83 fb 07 0f 87 5b 04 00 00 e8 5e cb 1d 00 8

Crashes (1335):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2021/03/04 01:06 linux-4.14.y 397a88b2cc86 06ed56cd .config console log report syz ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/03 03:33 linux-4.14.y 3242aa3a635c e5b64d68 .config console log report syz ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/02 00:40 linux-4.14.y 3242aa3a635c 183afb6c .config console log report syz ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/01 06:31 linux-4.14.y 3242aa3a635c 4c37c133 .config console log report syz ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/02/26 13:09 linux-4.14.y 3242aa3a635c 4c37c133 .config console log report syz ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/02/15 14:37 linux-4.14.y 2c8a3fceddf0 98682e5e .config console log report syz ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/02/15 07:34 linux-4.14.y 2c8a3fceddf0 98682e5e .config console log report syz ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/02/12 14:58 linux-4.14.y 2c8a3fceddf0 a5f86b15 .config console log report syz ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/02/04 18:51 linux-4.14.y 2c8a3fceddf0 42b90a7c .config console log report syz ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/01/31 14:37 linux-4.14.y 2c8a3fceddf0 fc9fd31e .config console log report syz ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/01/28 22:00 linux-4.14.y 2d2791fce891 7df34f59 .config console log report syz ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/01/25 05:40 linux-4.14.y 2d2791fce891 52e37319 .config console log report syz ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/01/24 08:59 linux-4.14.y 2d2791fce891 52e37319 .config console log report syz ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/01/20 03:43 linux-4.14.y 2762b48e9611 63631df1 .config console log report syz ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/01/13 22:38 linux-4.14.y f79dc86058bc a945f0a3 .config console log report syz ci2-linux-4-14
2021/01/13 14:26 linux-4.14.y f79dc86058bc a945f0a3 .config console log report syz ci2-linux-4-14
2021/01/04 16:08 linux-4.14.y 1752938529c6 79264ae3 .config console log report syz ci2-linux-4-14
2020/12/25 16:40 linux-4.14.y 3f2ecb86cb90 b982b3ea .config console log report syz ci2-linux-4-14
2020/12/24 22:45 linux-4.14.y 3f2ecb86cb90 c2c1d1dd .config console log report syz ci2-linux-4-14
2020/12/23 06:21 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/23 00:21 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/22 08:30 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/22 07:58 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/22 07:05 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/22 05:21 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/22 05:04 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/22 04:30 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/22 02:05 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/21 22:36 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/21 22:22 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/21 21:34 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/21 19:35 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/21 10:18 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/21 04:43 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/19 11:10 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/18 18:00 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/17 22:27 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/17 11:41 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/17 11:34 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/17 10:36 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2020/12/16 20:13 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report syz ci2-linux-4-14
2021/03/17 14:24 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/17 13:18 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/17 12:15 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/17 11:02 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/17 09:37 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/17 06:41 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/17 05:27 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/17 04:06 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/17 00:00 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/16 20:34 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/16 19:16 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/16 17:23 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/16 16:28 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/16 14:53 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/16 13:42 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/16 09:16 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/16 08:01 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/16 06:53 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/16 05:45 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/16 04:00 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/16 02:53 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/15 17:33 linux-4.14.y c7150cd2fa8c fdb2bb2c .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/15 14:21 linux-4.14.y c7150cd2fa8c cc1cff8f .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/15 07:54 linux-4.14.y c7150cd2fa8c cc1cff8f .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/15 06:06 linux-4.14.y c7150cd2fa8c cc1cff8f .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/15 04:13 linux-4.14.y c7150cd2fa8c cc1cff8f .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/14 23:34 linux-4.14.y c7150cd2fa8c cc1cff8f .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/14 21:59 linux-4.14.y c7150cd2fa8c cc1cff8f .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/14 17:42 linux-4.14.y c7150cd2fa8c 4a003785 .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/14 06:26 linux-4.14.y c7150cd2fa8c 4a003785 .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/13 20:48 linux-4.14.y c7150cd2fa8c 4a003785 .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/13 18:41 linux-4.14.y c7150cd2fa8c 4a003785 .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/13 14:02 linux-4.14.y c7150cd2fa8c 4a003785 .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/13 11:33 linux-4.14.y c7150cd2fa8c 4a003785 .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/13 09:43 linux-4.14.y c7150cd2fa8c 4a003785 .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/13 06:23 linux-4.14.y c7150cd2fa8c 429d8a6b .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/13 04:19 linux-4.14.y c7150cd2fa8c 429d8a6b .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/13 03:09 linux-4.14.y c7150cd2fa8c 429d8a6b .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/12 23:26 linux-4.14.y c7150cd2fa8c 429d8a6b .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/12 20:16 linux-4.14.y c7150cd2fa8c 429d8a6b .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/12 17:31 linux-4.14.y c7150cd2fa8c 429d8a6b .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/12 16:06 linux-4.14.y c7150cd2fa8c 429d8a6b .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/12 14:37 linux-4.14.y c7150cd2fa8c 429d8a6b .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/12 11:58 linux-4.14.y c7150cd2fa8c 429d8a6b .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/12 10:15 linux-4.14.y c7150cd2fa8c 429d8a6b .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/03/12 08:40 linux-4.14.y c7150cd2fa8c 429d8a6b .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
2021/01/17 10:37 linux-4.14.y f79dc86058bc 813be542 .config console log report info ci2-linux-4-14
2020/12/16 19:42 linux-4.14.y 3f2ecb86cb90 04201c06 .config console log report info ci2-linux-4-14
* Struck through repros no longer work on HEAD.