From: syzbot <syzbot+31ae6d17d115e980fd14@syzkaller.appspotmail.com>
To: brouer@redhat.com, gregkh@linuxfoundation.org, hdanton@sina.com,
linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org,
skhan@linuxfoundation.org, stern@rowland.harvard.edu,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] INFO: task hung in usb_get_descriptor
Date: Sat, 12 Feb 2022 23:40:13 -0800 [thread overview]
Message-ID: <00000000000007d82605d7e16949@google.com> (raw)
In-Reply-To: <20220213073017.1092-1-hdanton@sina.com>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KASAN: null-ptr-deref Write in vhci_shutdown_connection
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:71 [inline]
BUG: KASAN: null-ptr-deref in atomic_fetch_add_relaxed include/asm-generic/atomic-instrumented.h:142 [inline]
BUG: KASAN: null-ptr-deref in refcount_add include/linux/refcount.h:201 [inline]
BUG: KASAN: null-ptr-deref in refcount_inc include/linux/refcount.h:241 [inline]
BUG: KASAN: null-ptr-deref in get_task_struct include/linux/sched/task.h:104 [inline]
BUG: KASAN: null-ptr-deref in kthread_stop+0x90/0x810 kernel/kthread.c:591
Write of size 4 at addr 000000000000001c by task kworker/u4:4/186
CPU: 0 PID: 186 Comm: kworker/u4:4 Not tainted 5.9.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usbip_event event_handler
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x107/0x16e lib/dump_stack.c:118
__kasan_report mm/kasan/report.c:517 [inline]
kasan_report.cold+0x5/0x37 mm/kasan/report.c:530
check_memory_region_inline mm/kasan/generic.c:186 [inline]
check_memory_region+0x13d/0x180 mm/kasan/generic.c:192
instrument_atomic_write include/linux/instrumented.h:71 [inline]
atomic_fetch_add_relaxed include/asm-generic/atomic-instrumented.h:142 [inline]
refcount_add include/linux/refcount.h:201 [inline]
refcount_inc include/linux/refcount.h:241 [inline]
get_task_struct include/linux/sched/task.h:104 [inline]
kthread_stop+0x90/0x810 kernel/kthread.c:591
vhci_shutdown_connection+0x17f/0x360 drivers/usb/usbip/vhci_hcd.c:1015
event_handler+0x1f0/0x4f0 drivers/usb/usbip/usbip_event.c:78
process_one_work+0x86c/0x16a0 kernel/workqueue.c:2269
worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
kthread+0x3b5/0x4a0 kernel/kthread.c:292
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
==================================================================
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 186 Comm: kworker/u4:4 Tainted: G B 5.9.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usbip_event event_handler
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x107/0x16e lib/dump_stack.c:118
panic+0x393/0x7d3 kernel/panic.c:231
end_report+0x4d/0x53 mm/kasan/report.c:104
__kasan_report mm/kasan/report.c:520 [inline]
kasan_report.cold+0xd/0x37 mm/kasan/report.c:530
check_memory_region_inline mm/kasan/generic.c:186 [inline]
check_memory_region+0x13d/0x180 mm/kasan/generic.c:192
instrument_atomic_write include/linux/instrumented.h:71 [inline]
atomic_fetch_add_relaxed include/asm-generic/atomic-instrumented.h:142 [inline]
refcount_add include/linux/refcount.h:201 [inline]
refcount_inc include/linux/refcount.h:241 [inline]
get_task_struct include/linux/sched/task.h:104 [inline]
kthread_stop+0x90/0x810 kernel/kthread.c:591
vhci_shutdown_connection+0x17f/0x360 drivers/usb/usbip/vhci_hcd.c:1015
event_handler+0x1f0/0x4f0 drivers/usb/usbip/usbip_event.c:78
process_one_work+0x86c/0x16a0 kernel/workqueue.c:2269
worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
kthread+0x3b5/0x4a0 kernel/kthread.c:292
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: d3d45f82 Merge tag 'pinctrl-v5.9-2' of git://git.kerne..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
console output: https://syzkaller.appspot.com/x/log.txt?x=125b4faa700000
kernel config: https://syzkaller.appspot.com/x/.config?x=c4f7c05cb42b5045
dashboard link: https://syzkaller.appspot.com/bug?extid=31ae6d17d115e980fd14
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=1359552c700000
next parent reply other threads:[~2022-02-13 7:40 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20220213073017.1092-1-hdanton@sina.com>
2022-02-13 7:40 ` syzbot [this message]
[not found] <20220213103641.1247-1-hdanton@sina.com>
2022-02-13 14:29 ` [syzbot] INFO: task hung in usb_get_descriptor syzbot
2020-10-06 8:19 syzbot
2022-02-12 22:43 ` [syzbot] " syzbot
2022-05-12 13:19 ` Dmitry Vyukov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=00000000000007d82605d7e16949@google.com \
--to=syzbot+31ae6d17d115e980fd14@syzkaller.appspotmail.com \
--cc=brouer@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=hdanton@sina.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=stern@rowland.harvard.edu \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.