From: syzbot <syzbot+9eebf5f6544c5e873858@syzkaller.appspotmail.com>
To: hdanton@sina.com, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in hidraw_report_event
Date: Tue, 28 Apr 2026 01:51:01 -0700 [thread overview]
Message-ID: <69f074f5.050a0220.fa731.0000.GAE@google.com> (raw)
In-Reply-To: <20260428080007.2192-1-hdanton@sina.com>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: trying to register non-static key in usbhid_power
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 6580 Comm: syz.2.19 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:986
register_lock_class+0xcc/0x2e0 kernel/locking/lockdep.c:1301
__lock_acquire+0xad/0x2cf0 kernel/locking/lockdep.c:5114
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5870
__mutex_lock_common kernel/locking/rtmutex_api.c:534 [inline]
mutex_lock_nested+0x5a/0x1d0 kernel/locking/rtmutex_api.c:553
usbhid_power+0x56/0x190 drivers/hid/usbhid/hid-core.c:1283
hid_hw_power include/linux/hid.h:1239 [inline]
hidraw_open+0x24d/0x8a0 drivers/hid/hidraw.c:302
chrdev_open+0x4d0/0x5f0 fs/char_dev.c:411
do_dentry_open+0x83d/0x13e0 fs/open.c:947
vfs_open+0x3b/0x350 fs/open.c:1079
do_open fs/namei.c:4699 [inline]
path_openat+0x2e43/0x38a0 fs/namei.c:4858
do_file_open+0x23e/0x4a0 fs/namei.c:4887
do_sys_openat2+0x113/0x200 fs/open.c:1364
do_sys_open fs/open.c:1370 [inline]
__do_sys_openat fs/open.c:1386 [inline]
__se_sys_openat fs/open.c:1381 [inline]
__x64_sys_openat+0x138/0x170 fs/open.c:1381
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fce44f9d60e
Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
RSP: 002b:00007fce4463db28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fce4463e6c0 RCX: 00007fce44f9d60e
RDX: 0000000000000002 RSI: 00007fce4463dc00 RDI: ffffffffffffff9c
RBP: 00007fce4463dc00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
R13: 00007fce45256038 R14: 00007fce45255fa0 R15: 00007ffd81c3c108
</TASK>
Tested on:
commit: 39704f00 Add linux-next specific files for 20260427
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=11dc1896580000
kernel config: https://syzkaller.appspot.com/x/.config?x=dea2372337a7c0e
dashboard link: https://syzkaller.appspot.com/bug?extid=9eebf5f6544c5e873858
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=175e0a73980000
next prev parent reply other threads:[~2026-04-28 8:51 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-27 3:28 [syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in hidraw_report_event syzbot
2026-04-27 5:05 ` Edward Adam Davis
2026-04-27 6:03 ` syzbot
2026-04-27 9:18 ` Edward Adam Davis
2026-04-27 12:49 ` syzbot
2026-04-27 13:11 ` Edward Adam Davis
2026-04-27 14:09 ` syzbot
2026-04-27 23:21 ` Hillf Danton
2026-04-27 23:57 ` syzbot
2026-04-28 1:04 ` Edward Adam Davis
2026-04-28 4:05 ` syzbot
2026-04-28 3:51 ` Hillf Danton
2026-04-28 4:37 ` syzbot
2026-04-28 4:12 ` [PATCH] hwmon: prevent packets from going to driver for probe Edward Adam Davis
2026-04-28 8:00 ` [syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in hidraw_report_event Hillf Danton
2026-04-28 8:51 ` syzbot [this message]
2026-04-28 11:33 ` Hillf Danton
2026-04-28 12:03 ` syzbot
2026-04-28 20:27 ` Hillf Danton
2026-04-28 21:19 ` syzbot
2026-05-19 12:52 ` Philipp Weber
2026-05-19 12:52 ` syzbot
2026-05-19 13:00 ` [RFC PATCH] HID: core: quiesce input in hid_hw_stop() to prevent use-after-free Philipp Weber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=69f074f5.050a0220.fa731.0000.GAE@google.com \
--to=syzbot+9eebf5f6544c5e873858@syzkaller.appspotmail.com \
--cc=hdanton@sina.com \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.