syzbot

 sign-in | mailing list | source | docs
🐞 Open [712] 🐞 Fixed [297] 🐞 Invalid [838] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KASAN: null-ptr-deref Write in vhci_shutdown_connection

Status: fixed on 2021/07/19 10:10
Reported-by: syzbot+f1fa2e262f6a74a8ba44@syzkaller.appspotmail.com
Fix commit: d42c3ebb3156 can: bcm/raw/isotp: use per module netdevice notifier
First crash: 1220d, last: 1039d
Fix bisection: fixed by (bisect log) :
commit d42c3ebb315618ca536ef764e3f929ce1d5c3485
Author: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Date: Sat Jun 5 10:26:35 2021 +0000

  can: bcm/raw/isotp: use per module netdevice notifier

  
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: null-ptr-deref Write in vhci_shutdown_connection usb C unreliable 3322 1131d 1216d 26/26 closed as dup on 2021/01/20 03:12
linux-4.14 BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection syz done 1335 1129d 1220d 1/1 fixed on 2021/04/19 07:11
Fix bisection attempts (4)
Created Duration User Patch Repo Result
2021/07/16 00:01 2h35m bisect fix linux-4.19.y job log (1)
2021/06/15 23:37 23m bisect fix linux-4.19.y job log (0) log
2021/05/16 22:21 22m bisect fix linux-4.19.y job log (0) log
2021/04/16 12:55 21m bisect fix linux-4.19.y job log (0) log

Sample crash report:
vhci_hcd vhci_hcd.0: port 1 already used
vhci_hcd vhci_hcd.0: port 1 already used
vhci_hcd vhci_hcd.0: port 1 already used
vhci_hcd: connection closed
==================================================================
BUG: KASAN: null-ptr-deref in atomic_inc include/asm-generic/atomic-instrumented.h:109 [inline]
BUG: KASAN: null-ptr-deref in kthread_stop+0x72/0x6b0 kernel/kthread.c:583
Write of size 4 at addr 000000000000001c by task kworker/u4:0/7

CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 4.19.176-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usbip_event event_handler
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 kasan_report_error.cold+0x15b/0x1b9 mm/kasan/report.c:352
 kasan_report+0x8f/0xa0 mm/kasan/report.c:412
 atomic_inc include/asm-generic/atomic-instrumented.h:109 [inline]
 kthread_stop+0x72/0x6b0 kernel/kthread.c:583
 vhci_shutdown_connection+0x14e/0x280 drivers/usb/usbip/vhci_hcd.c:1023
 event_handler+0x1f0/0x4f0 drivers/usb/usbip/usbip_event.c:78
 process_one_work+0x864/0x1570 kernel/workqueue.c:2152
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2295
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
==================================================================
vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(3)
vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
vhci_hcd: connection closed
vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
vhci_hcd: vhci_device speed not set
vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
vhci_hcd: connection closed
vhci_hcd: connection closed
vhci_hcd: connection closed
vhci_hcd: connection closed

Crashes (498):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/02/22 21:33 linux-4.19.y 255b58a2b3af c26fb06b .config console log report syz ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/02/21 01:23 linux-4.19.y 255b58a2b3af 3e5ed8b4 .config console log report syz ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/02/19 04:48 linux-4.19.y 811218eceeaa 14052202 .config console log report syz ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/02/18 07:37 linux-4.19.y 811218eceeaa 14052202 .config console log report syz ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/02/08 11:36 linux-4.19.y 811218eceeaa 2ce644fc .config console log report syz ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/02/01 21:41 linux-4.19.y 811218eceeaa e6b95f32 .config console log report syz ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/01/28 23:06 linux-4.19.y c4ff839de17f 7df34f59 .config console log report syz ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/01/23 21:32 linux-4.19.y 2263955bf7e7 52e37319 .config console log report syz ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/01/23 19:45 linux-4.19.y 2263955bf7e7 52e37319 .config console log report syz ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/01/06 22:47 linux-4.19.y 4143d798313f fff20c29 .config console log report syz ci2-linux-4-19
2021/01/06 14:05 linux-4.19.y 3207316b3bee fff20c29 .config console log report syz ci2-linux-4-19
2021/01/05 19:00 linux-4.19.y 3207316b3bee a0234d98 .config console log report syz ci2-linux-4-19
2021/01/05 02:48 linux-4.19.y 3207316b3bee 2a28ff1f .config console log report syz ci2-linux-4-19
2021/01/04 13:15 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz ci2-linux-4-19
2021/01/04 10:50 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz ci2-linux-4-19
2021/01/04 10:07 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz ci2-linux-4-19
2021/01/04 06:49 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz ci2-linux-4-19
2021/01/04 04:23 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz ci2-linux-4-19
2021/01/04 00:54 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz ci2-linux-4-19
2021/01/04 00:11 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz ci2-linux-4-19
2021/01/03 21:52 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz ci2-linux-4-19
2021/01/03 21:24 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz ci2-linux-4-19
2021/01/03 20:13 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz ci2-linux-4-19
2021/01/03 19:50 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz ci2-linux-4-19
2021/01/03 15:46 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz ci2-linux-4-19
2021/01/03 10:12 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz ci2-linux-4-19
2021/01/02 09:18 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz ci2-linux-4-19
2020/12/29 21:04 linux-4.19.y 13d2ce42de8c 80910769 .config console log report syz ci2-linux-4-19
2020/12/27 09:26 linux-4.19.y 13d2ce42de8c 821e0b09 .config console log report syz ci2-linux-4-19
2020/12/26 11:38 linux-4.19.y 13d2ce42de8c 821e0b09 .config console log report syz ci2-linux-4-19
2020/12/25 15:55 linux-4.19.y 13d2ce42de8c b982b3ea .config console log report syz ci2-linux-4-19
2020/12/24 19:03 linux-4.19.y 13d2ce42de8c c2c1d1dd .config console log report syz ci2-linux-4-19
2020/12/24 18:40 linux-4.19.y 13d2ce42de8c c2c1d1dd .config console log report syz ci2-linux-4-19
2020/12/24 16:07 linux-4.19.y 13d2ce42de8c c2c1d1dd .config console log report syz ci2-linux-4-19
2020/12/24 09:57 linux-4.19.y 13d2ce42de8c c2c1d1dd .config console log report syz ci2-linux-4-19
2020/12/24 05:36 linux-4.19.y 13d2ce42de8c c2c1d1dd .config console log report syz ci2-linux-4-19
2020/12/21 17:56 linux-4.19.y 13d2ce42de8c 04201c06 .config console log report syz ci2-linux-4-19
2020/12/21 11:35 linux-4.19.y 13d2ce42de8c 04201c06 .config console log report syz ci2-linux-4-19
2020/12/19 05:51 linux-4.19.y 13d2ce42de8c 04201c06 .config console log report syz ci2-linux-4-19
2020/12/18 09:47 linux-4.19.y 13d2ce42de8c 04201c06 .config console log report syz ci2-linux-4-19
2020/12/17 09:10 linux-4.19.y 13d2ce42de8c 04201c06 .config console log report syz ci2-linux-4-19
2021/03/17 12:55 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/17 10:06 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/17 05:21 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/17 02:50 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/16 20:53 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/16 19:17 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/16 16:05 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/16 10:21 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/16 07:26 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/15 20:32 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/15 18:29 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/15 01:58 linux-4.19.y 030194a5b292 cc1cff8f .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/14 08:46 linux-4.19.y 030194a5b292 4a003785 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/14 07:02 linux-4.19.y 030194a5b292 4a003785 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/14 05:46 linux-4.19.y 030194a5b292 4a003785 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/13 13:42 linux-4.19.y 030194a5b292 4a003785 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/13 11:04 linux-4.19.y 030194a5b292 4a003785 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/13 06:21 linux-4.19.y 030194a5b292 429d8a6b .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/12 23:12 linux-4.19.y 030194a5b292 429d8a6b .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/12 21:28 linux-4.19.y 030194a5b292 429d8a6b .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/12 18:02 linux-4.19.y 030194a5b292 429d8a6b .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/12 12:28 linux-4.19.y 030194a5b292 429d8a6b .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/12 08:12 linux-4.19.y 030194a5b292 429d8a6b .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/12 03:56 linux-4.19.y 030194a5b292 429d8a6b .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/11 20:29 linux-4.19.y 030194a5b292 c2ca1f2a .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/11 17:17 linux-4.19.y 030194a5b292 c2ca1f2a .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/11 13:01 linux-4.19.y 2cae3e25b706 c2ca1f2a .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/10 22:59 linux-4.19.y 2cae3e25b706 764067f3 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/10 20:38 linux-4.19.y 2cae3e25b706 764067f3 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/10 09:44 linux-4.19.y 2cae3e25b706 26967e35 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/10 03:36 linux-4.19.y 2cae3e25b706 26967e35 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/10 00:14 linux-4.19.y 2cae3e25b706 26967e35 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/09 22:34 linux-4.19.y 2cae3e25b706 26967e35 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/09 08:23 linux-4.19.y 2cae3e25b706 09fbf400 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/08 14:56 linux-4.19.y 2cae3e25b706 09fbf400 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/08 01:03 linux-4.19.y 2cae3e25b706 09fbf400 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/07 19:03 linux-4.19.y 2cae3e25b706 c599ed12 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/07 16:10 linux-4.19.y 2cae3e25b706 c599ed12 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/07 10:20 linux-4.19.y dfb571610ba3 c599ed12 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/07 02:38 linux-4.19.y dfb571610ba3 e4b4d570 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/06 13:45 linux-4.19.y dfb571610ba3 e4b4d570 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/05 16:54 linux-4.19.y dfb571610ba3 9d751681 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/05 14:41 linux-4.19.y dfb571610ba3 9d751681 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/05 12:58 linux-4.19.y dfb571610ba3 9d751681 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/04 23:25 linux-4.19.y dfb571610ba3 f89ed068 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/04 23:04 linux-4.19.y dfb571610ba3 f89ed068 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/04 11:23 linux-4.19.y dfb571610ba3 d7e4e604 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/03/04 07:20 linux-4.19.y 2d19be4653f5 d7e4e604 .config console log report info ci2-linux-4-19 KASAN: null-ptr-deref Write in vhci_shutdown_connection
2021/01/17 08:51 linux-4.19.y 675cc038067f 65a7a854 .config console log report info ci2-linux-4-19
2020/12/16 23:16 linux-4.19.y 13d2ce42de8c 04201c06 .config console log report info ci2-linux-4-19
* Struck through repros no longer work on HEAD.