bisecting fixing commit since cbfa1702aaf69b2311ea1b35e04f113c48368c67
building syzkaller on 1a3f94087169f62f9a5832828f62b4900e98b781
testing commit cbfa1702aaf69b2311ea1b35e04f113c48368c67 with gcc (GCC) 8.4.1 20210217
kernel signature: 58216c28e10ec8a532da80083b6b6a662f3649c645669a7a7fe4cfc53add5301
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #3: crashed: BUG: unable to handle kernel
run #4: crashed: BUG: unable to handle kernel
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #7: crashed: BUG: unable to handle kernel
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #9: crashed: BUG: unable to handle kernel
run #10: crashed: BUG: unable to handle kernel
run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #12: crashed: BUG: unable to handle kernel
run #13: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #14: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #15: crashed: INFO: task hung in hub_port_init
run #16: crashed: INFO: task hung in hub_port_init
run #17: crashed: INFO: task hung in hub_port_init
run #18: crashed: INFO: task hung in hub_port_init
run #19: crashed: INFO: task hung in hub_port_init
testing current HEAD cf256fbcbe347b7d0ff58fe2dfa382a156bd3694
testing commit cf256fbcbe347b7d0ff58fe2dfa382a156bd3694 with gcc (GCC) 8.4.1 20210217
kernel signature: da6b49e5d358ba709ed320537920db943048cf641261fa51ff58fbf9a92f7294
all runs: OK
# git bisect start cf256fbcbe347b7d0ff58fe2dfa382a156bd3694 cbfa1702aaf69b2311ea1b35e04f113c48368c67
Bisecting: 1077 revisions left to test after this (roughly 10 steps)
[aa2c75ce06dc79c12639ffbf469d4507f8dfc068] media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm()
testing commit aa2c75ce06dc79c12639ffbf469d4507f8dfc068 with gcc (GCC) 8.4.1 20210217
kernel signature: 9c953eb5524410fc644559f9a03ac52282b59e4b4d7428f51235314d0f8fa788
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #3: crashed: BUG: unable to handle kernel
run #4: crashed: BUG: unable to handle kernel
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #6: crashed: BUG: unable to handle kernel
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #8: crashed: INFO: task hung in hub_port_init
run #9: crashed: INFO: task hung in hub_port_init
# git bisect good aa2c75ce06dc79c12639ffbf469d4507f8dfc068
Bisecting: 538 revisions left to test after this (roughly 9 steps)
[4fac507d8f03cf4fc3389952521f46b0cda2b063] b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
testing commit 4fac507d8f03cf4fc3389952521f46b0cda2b063 with gcc (GCC) 8.4.1 20210217
kernel signature: 10e15abfde316306f3e008019a5342528ec58778b705c440275ab00c2ac0ab31
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #2: crashed: BUG: unable to handle kernel
run #3: crashed: BUG: unable to handle kernel
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
run #7: crashed: INFO: task hung in hub_port_init
run #8: crashed: INFO: task hung in hub_port_init
run #9: crashed: INFO: task hung in hub_port_init
# git bisect good 4fac507d8f03cf4fc3389952521f46b0cda2b063
Bisecting: 269 revisions left to test after this (roughly 8 steps)
[9d6a72270f35dc77569f8f7ceac9ade407d71772] staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data()
testing commit 9d6a72270f35dc77569f8f7ceac9ade407d71772 with gcc (GCC) 8.4.1 20210217
kernel signature: b13d6eb61565f1b181abf6392c0c427a40f6f3325233bfd862043564da9fe53b
all runs: crashed: general protection fault in try_to_wake_up
# git bisect good 9d6a72270f35dc77569f8f7ceac9ade407d71772
Bisecting: 134 revisions left to test after this (roughly 7 steps)
[b3234384a256c8ac160cb0f5ae2c6528b9c32668] ext4: fix bh ref count on error paths
testing commit b3234384a256c8ac160cb0f5ae2c6528b9c32668 with gcc (GCC) 8.4.1 20210217
kernel signature: 9c8e6b83e9dcd7e3efeef0536d83e285a968afba208088387ed1b1e29160472a
all runs: crashed: general protection fault in try_to_wake_up
# git bisect good b3234384a256c8ac160cb0f5ae2c6528b9c32668
Bisecting: 67 revisions left to test after this (roughly 6 steps)
[8cf440ffbbd7373fd7a2405fb1ab146ea4305073] ALSA: aloop: Fix initialization of controls
testing commit 8cf440ffbbd7373fd7a2405fb1ab146ea4305073 with gcc (GCC) 8.4.1 20210217
kernel signature: c36b8a002a1a56f983b17a85530cbc9d5a2a191f719e1d7d78809b36ec620103
run #0: crashed: general protection fault in try_to_wake_up
run #1: crashed: general protection fault in try_to_wake_up
run #2: crashed: general protection fault in try_to_wake_up
run #3: crashed: general protection fault in try_to_wake_up
run #4: crashed: general protection fault in try_to_wake_up
run #5: crashed: general protection fault in try_to_wake_up
run #6: crashed: general protection fault in try_to_wake_up
run #7: crashed: general protection fault in try_to_wake_up
run #8: crashed: general protection fault in try_to_wake_up
run #9: OK
# git bisect good 8cf440ffbbd7373fd7a2405fb1ab146ea4305073
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[4dea7a1bd412311b96bce42614bb4dddce20ddcb] s390/cpcmd: fix inline assembly register clobbering
testing commit 4dea7a1bd412311b96bce42614bb4dddce20ddcb with gcc (GCC) 8.4.1 20210217
kernel signature: e1ed32aeb16f9aa7088acc534d63aed7d05ddb11085acb160e07f2bfea8e60d9
all runs: OK
# git bisect bad 4dea7a1bd412311b96bce42614bb4dddce20ddcb
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[5f2a149564ee2b41ab09e90add21153bd5be64d3] usbip: add sysfs_lock to synchronize sysfs code paths
testing commit 5f2a149564ee2b41ab09e90add21153bd5be64d3 with gcc (GCC) 8.4.1 20210217
kernel signature: 8197b0e8ef9584cec6162ae2e9790b89f7739273182ce66f440489021415e7d4
all runs: crashed: general protection fault in try_to_wake_up
# git bisect good 5f2a149564ee2b41ab09e90add21153bd5be64d3
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[22d33117e5305c9fb6e5f78aecdf3c4e21399901] gianfar: Handle error code at MAC address change
testing commit 22d33117e5305c9fb6e5f78aecdf3c4e21399901 with gcc (GCC) 8.4.1 20210217
kernel signature: 1d1042c50c90689cd0c2a72aa9f3a5cc1e2e64b3b8be59486bef0577afbf65fb
all runs: OK
# git bisect bad 22d33117e5305c9fb6e5f78aecdf3c4e21399901
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[e3b12e7336b770f4099f7e334e32ef54a5d5e4ee] regulator: bd9571mwv: Fix AVS and DVFS voltage range
testing commit e3b12e7336b770f4099f7e334e32ef54a5d5e4ee with gcc (GCC) 8.4.1 20210217
kernel signature: 2a340933854eb17c57fb4c2c1417f01d318b534a9965ff44ec7fe5591d670322
all runs: OK
# git bisect bad e3b12e7336b770f4099f7e334e32ef54a5d5e4ee
Bisecting: 1 revision left to test after this (roughly 1 step)
[534d2cf487b972b2c039bfc55898a7edc2b0ea45] usbip: synchronize event handler with sysfs code paths
testing commit 534d2cf487b972b2c039bfc55898a7edc2b0ea45 with gcc (GCC) 8.4.1 20210217
kernel signature: 7fcee557fb063cbc7c5d8802d2a90b286dd8d4ddf716d18f4b4b56d844d3ba0d
all runs: OK
# git bisect bad 534d2cf487b972b2c039bfc55898a7edc2b0ea45
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[fbf3417833b0fb3a2a00377e50622551aaedc0e5] usbip: stub-dev synchronize sysfs code paths
testing commit fbf3417833b0fb3a2a00377e50622551aaedc0e5 with gcc (GCC) 8.4.1 20210217
kernel signature: 517f6fa0227985b06c6053e08e9936dfbf0242990157fb6eb8c4798a6b0ae961
all runs: crashed: general protection fault in try_to_wake_up
# git bisect good fbf3417833b0fb3a2a00377e50622551aaedc0e5
534d2cf487b972b2c039bfc55898a7edc2b0ea45 is the first bad commit
commit 534d2cf487b972b2c039bfc55898a7edc2b0ea45
Author: Shuah Khan
Date: Mon Mar 29 19:36:51 2021 -0600

    usbip: synchronize event handler with sysfs code paths

    commit 363eaa3a450abb4e63bd6e3ad79d1f7a0f717814 upstream.

    Fuzzing uncovered race condition between sysfs code paths in usbip
    drivers. Device connect/disconnect code paths initiated through
    sysfs interface are prone to races if disconnect happens during
    connect and vice versa.

    Use sysfs_lock to synchronize event handler with sysfs paths
    in usbip drivers.

    Cc: stable@vger.kernel.org
    Reported-and-tested-by: syzbot+a93fba6d384346a761e3@syzkaller.appspotmail.com
    Signed-off-by: Shuah Khan
    Link: https://lore.kernel.org/r/c5c8723d3f29dfe3d759cfaafa7dd16b0dfe2918.1616807117.git.skhan@linuxfoundation.org
    Signed-off-by: Greg Kroah-Hartman

 drivers/usb/usbip/usbip_event.c | 2 ++
 1 file changed, 2 insertions(+)

culprit signature: 7fcee557fb063cbc7c5d8802d2a90b286dd8d4ddf716d18f4b4b56d844d3ba0d
parent signature: 517f6fa0227985b06c6053e08e9936dfbf0242990157fb6eb8c4798a6b0ae961
revisions tested: 13, total time: 4h12m25.648843027s (build: 2h16m16.813104603s, test: 1h54m46.250672608s)
first good commit: 534d2cf487b972b2c039bfc55898a7edc2b0ea45 usbip: synchronize event handler with sysfs code paths
recipients (to): ["gregkh@linuxfoundation.org" "skhan@linuxfoundation.org" "syzbot+a93fba6d384346a761e3@syzkaller.appspotmail.com"]
recipients (cc): []