If usb_add_hcd() fails in vhci_hcd_probe() (i.e., a probe failure), the error path calls usb_remove_hcd() and also sets pdev->dev.driver_data to NULL. Consequently, any subsequent call to platform_get_drvdata(pdev) (which returns pdev->dev.driver_data) may yield NULL, causing a crash if that pointer is dereferenced. Fix this by adding a sanity check to ensure "hcd" is non-NULL before proceeding with further operations. Reported-by: syzbot <syzbot+83976e47ec1ef91e66f1@xxxxxxxxxxxxxxxxxxxxxxxxx> Closes: https://syzkaller.appspot.com/bug?extid=83976e47ec1ef91e66f1 Tested-by: syzbot <syzbot+83976e47ec1ef91e66f1@xxxxxxxxxxxxxxxxxxxxxxxxx> Fixes: 03cd00d538a6 ("usbip: vhci-hcd: Set the vhci structure up to work") Signed-off-by: Qasim Ijaz <qasdev00@xxxxxxxxx> --- drivers/usb/usbip/vhci_sysfs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/usbip/vhci_sysfs.c b/drivers/usb/usbip/vhci_sysfs.c index d5865460e82d..d4a1aa6d06b2 100644 --- a/drivers/usb/usbip/vhci_sysfs.c +++ b/drivers/usb/usbip/vhci_sysfs.c @@ -76,6 +76,9 @@ static ssize_t status_show_vhci(int pdev_nr, char *out) } hcd = platform_get_drvdata(pdev); + if (!hcd) + return 0; + vhci_hcd = hcd_to_vhci_hcd(hcd); vhci = vhci_hcd->vhci; -- 2.39.5
