vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) 8<--- cut here --- Unable to handle kernel NULL pointer dereference at virtual address 00000604 pgd = 88e89140 [00000604] *pgd=88ed0003, *pmd=fe7c3003 Internal error: Oops: 207 [#1] PREEMPT SMP ARM Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 4492 Comm: syz-executor.1 Not tainted 5.12.0-rc2-syzkaller #0 Hardware name: ARM-Versatile Express PC is at __lock_acquire+0x4e8/0x3318 kernel/locking/lockdep.c:4770 LR is at debug_locks+0x0/0x4 pc : [<802bc480>] lr : [<838233f0>] psr: 20000093 sp : 88f27bd0 ip : 88f26000 fp : 88f27cac r10: 00000080 r9 : 88f1d140 r8 : 00000001 r7 : 00000000 r6 : 836bb680 r5 : 00000604 r4 : 00000000 r3 : 838455e8 r2 : 00000000 r1 : 00000000 r0 : 00000604 Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user Control: 30c5387d Table: 88e89140 DAC: fffffffd Process syz-executor.1 (pid: 4492, stack limit = 0x88f26210) Stack: (0x88f27bd0 to 0x88f28000) 7bc0: 88f27c0c 88f27be0 88f1d848 00000004 7be0: 8390e944 e6e5e17a 88f27c18 88f1d140 836bb680 00000000 88f27c14 88f27c08 7c00: 88f1d868 00000005 8390e944 836bb680 88f27c2c 838233f0 8213603c 88f1d828 7c20: 00000003 88f1d140 00000000 00000006 82137d5c 88f1d140 88f27c6c 88f27c48 7c40: 836bb438 8213f048 88f1d140 00000000 88f27c6c 88f27c60 8213603c 82135eec 7c60: 88f27c94 88f27c70 821350fc 8213602c 88f1d848 00000004 8390e944 e6e5e17a 7c80: 88f26000 88f27cb0 836bb680 836bb680 00000000 00000000 60000093 00000080 7ca0: 88f27d24 88f27cb0 802bfea0 802bbfa4 00000001 00000080 00000000 80286768 7cc0: 00000000 00000000 00000000 00000000 88f27d24 88f27ce0 802b9518 802e80ec 7ce0: 8020d140 8020e34c 00000000 8213ee08 60000093 e6e5e17a 000005f4 00000604 7d00: 00000000 00000000 00000000 00000001 00000000 80286768 88f27d64 88f27d28 7d20: 802c0238 802bfdbc 00000001 00000000 80286768 86ac1010 88f27d64 000005f4 7d40: 80286768 a0000013 86ac1010 000005f4 8455b0c8 8468b368 88f27d94 88f27d68 7d60: 8213edf0 802c01d8 00000001 00000000 80286768 82137984 88e330c0 00000000 7d80: 00000000 00000003 88f27dec 88f27d98 80286768 8213eda8 821388d0 86ac0c30 7da0: 8455b0c8 8468b368 00000000 00000000 8213882c 82137984 00004c48 e6e5e17a 7dc0: 8468b350 8455b0c0 88e330c0 8468b350 86ac1010 86ac0c30 8455b0c8 8468b368 7de0: 88f27dfc 88f27df0 80286fc8 80286718 88f27e6c 88f27e00 812008bc 80286fbc 7e00: 82a5e3a8 88f27e34 8213b238 00000000 00000008 00000001 00000013 87d93a80 7e20: 00000004 00000011 00000001 00000001 00000000 00000001 82134f14 e6e5e17a 7e40: 00000001 812003d8 80ab7b18 88ed2280 88ebe310 88f27f08 88ed2280 00000000 7e60: 88f27e84 88f27e70 80ab7b34 812003e4 00000008 80ab7b18 88f27ea4 88f27e88 7e80: 805bcbbc 80ab7b24 00000000 00000000 88ebe300 88ebe310 88f27ed4 88f27ea8 7ea0: 805bbc90 805bcb80 00000000 00000000 00000000 8850d500 00000000 88f26000 7ec0: 88f27f68 00000008 88f27f64 88f27ed8 804dae18 805bbb74 00000008 83ac794f 7ee0: 8850d500 8292ae68 76ff1b90 00000008 00000005 00000000 00000000 88f27ef0 7f00: 00000000 e6e5e17a 8850d500 00000000 00000000 00000000 00000000 00000000 7f20: 00000000 00000000 00000000 00000000 8213baa4 e6e5e17a 805045a0 8850d503 7f40: 8850d500 00000000 00000000 80200224 88f26000 00000004 88f27f94 88f27f68 7f60: 804db070 804dabc4 00000000 00000000 836c4d1c e6e5e17a 00000006 76ff2b90 7f80: 00000008 00000004 88f27fa4 88f27f98 804db104 804db014 00000000 88f27fa8 7fa0: 80200060 804db100 00000006 76ff2b90 00000006 76ff1b90 00000008 00000000 7fc0: 00000006 76ff2b90 00000008 00000004 76ff1b90 76ff26d0 7ea27914 76ff220c 7fe0: 00000000 76ff1b70 00028b34 00028e98 80000010 00000006 00000000 00000000 Backtrace: [<802bbf98>] (__lock_acquire) from [<802bfea0>] (lock_acquire.part.0+0xf0/0x41c kernel/locking/lockdep.c:5510) r10:00000080 r9:60000093 r8:00000000 r7:00000000 r6:836bb680 r5:836bb680 r4:88f27cb0 [<802bfdb0>] (lock_acquire.part.0) from [<802c0238>] (lock_acquire+0x6c/0x74 kernel/locking/lockdep.c:5483) r10:80286768 r9:00000000 r8:00000001 r7:00000000 r6:00000000 r5:00000000 r4:00000604 [<802c01cc>] (lock_acquire) from [<8213edf0>] (__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]) [<802c01cc>] (lock_acquire) from [<8213edf0>] (_raw_spin_lock_irqsave+0x54/0x70 kernel/locking/spinlock.c:159) r10:8468b368 r9:8455b0c8 r8:000005f4 r7:86ac1010 r6:a0000013 r5:80286768 r4:000005f4 [<8213ed9c>] (_raw_spin_lock_irqsave) from [<80286768>] (try_to_wake_up+0x5c/0x8a4 kernel/sched/core.c:3347) r6:00000003 r5:00000000 r4:00000000 [<8028670c>] (try_to_wake_up) from [<80286fc8>] (wake_up_process+0x18/0x1c kernel/sched/core.c:3535) r10:8468b368 r9:8455b0c8 r8:86ac0c30 r7:86ac1010 r6:8468b350 r5:88e330c0 r4:8455b0c0 [<80286fb0>] (wake_up_process) from [<812008bc>] (attach_store+0x4e4/0x504 drivers/usb/usbip/vhci_sysfs.c:422) [<812003d8>] (attach_store) from [<80ab7b34>] (dev_attr_store+0x1c/0x28 drivers/base/core.c:1989) r10:00000000 r9:88ed2280 r8:88f27f08 r7:88ebe310 r6:88ed2280 r5:80ab7b18 r4:812003d8 [<80ab7b18>] (dev_attr_store) from [<805bcbbc>] (sysfs_kf_write+0x48/0x54 fs/sysfs/file.c:139) r5:80ab7b18 r4:00000008 [<805bcb74>] (sysfs_kf_write) from [<805bbc90>] (kernfs_fop_write_iter+0x128/0x1ec fs/kernfs/file.c:296) r7:88ebe310 r6:88ebe300 r5:00000000 r4:00000000 [<805bbb68>] (kernfs_fop_write_iter) from [<804dae18>] (call_write_iter include/linux/fs.h:1977 [inline]) [<805bbb68>] (kernfs_fop_write_iter) from [<804dae18>] (new_sync_write fs/read_write.c:518 [inline]) [<805bbb68>] (kernfs_fop_write_iter) from [<804dae18>] (vfs_write+0x260/0x350 fs/read_write.c:605) r9:00000008 r8:88f27f68 r7:88f26000 r6:00000000 r5:8850d500 r4:00000000 [<804dabb8>] (vfs_write) from [<804db070>] (ksys_write+0x68/0xec fs/read_write.c:658) r10:00000004 r9:88f26000 r8:80200224 r7:00000000 r6:00000000 r5:8850d500 r4:8850d503 [<804db008>] (ksys_write) from [<804db104>] (__do_sys_write fs/read_write.c:670 [inline]) [<804db008>] (ksys_write) from [<804db104>] (sys_write+0x10/0x14 fs/read_write.c:667) r7:00000004 r6:00000008 r5:76ff2b90 r4:00000006 [<804db0f4>] (sys_write) from [<80200060>] (ret_fast_syscall+0x0/0x2c arch/arm/mm/proc-v7.S:64) Exception stack(0x88f27fa8 to 0x88f27ff0) 7fa0: 00000006 76ff2b90 00000006 76ff1b90 00000008 00000000 7fc0: 00000006 76ff2b90 00000008 00000004 76ff1b90 76ff26d0 7ea27914 76ff220c 7fe0: 00000000 76ff1b70 00028b34 00028e98 Code: 850b308c 93a03001 950b308c ea00008e (e5902000) ---[ end trace 26623c350fa498c2 ]---