Re: [syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in hidraw_report_event

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+9eebf5f6544c5e873858@syzkaller.appspotmail.com>
To: hdanton@sina.com, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in hidraw_report_event
Date: Tue, 28 Apr 2026 01:51:01 -0700	[thread overview]
Message-ID: <69f074f5.050a0220.fa731.0000.GAE@google.com> (raw)
In-Reply-To: <20260428080007.2192-1-hdanton@sina.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: trying to register non-static key in usbhid_power

INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 6580 Comm: syz.2.19 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:986
 register_lock_class+0xcc/0x2e0 kernel/locking/lockdep.c:1301
 __lock_acquire+0xad/0x2cf0 kernel/locking/lockdep.c:5114
 lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5870
 __mutex_lock_common kernel/locking/rtmutex_api.c:534 [inline]
 mutex_lock_nested+0x5a/0x1d0 kernel/locking/rtmutex_api.c:553
 usbhid_power+0x56/0x190 drivers/hid/usbhid/hid-core.c:1283
 hid_hw_power include/linux/hid.h:1239 [inline]
 hidraw_open+0x24d/0x8a0 drivers/hid/hidraw.c:302
 chrdev_open+0x4d0/0x5f0 fs/char_dev.c:411
 do_dentry_open+0x83d/0x13e0 fs/open.c:947
 vfs_open+0x3b/0x350 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2e43/0x38a0 fs/namei.c:4858
 do_file_open+0x23e/0x4a0 fs/namei.c:4887
 do_sys_openat2+0x113/0x200 fs/open.c:1364
 do_sys_open fs/open.c:1370 [inline]
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1381
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fce44f9d60e
Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
RSP: 002b:00007fce4463db28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fce4463e6c0 RCX: 00007fce44f9d60e
RDX: 0000000000000002 RSI: 00007fce4463dc00 RDI: ffffffffffffff9c
RBP: 00007fce4463dc00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
R13: 00007fce45256038 R14: 00007fce45255fa0 R15: 00007ffd81c3c108
 </TASK>


Tested on:

commit:         39704f00 Add linux-next specific files for 20260427
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=11dc1896580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=dea2372337a7c0e
dashboard link: https://syzkaller.appspot.com/bug?extid=9eebf5f6544c5e873858
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=175e0a73980000

next prev parent reply	other threads:[~2026-04-28  8:51 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-27  3:28 [syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in hidraw_report_event syzbot
2026-04-27  5:05 ` Edward Adam Davis
2026-04-27  6:03   ` syzbot
2026-04-27  9:18 ` Edward Adam Davis
2026-04-27 12:49   ` syzbot
2026-04-27 13:11 ` Edward Adam Davis
2026-04-27 14:09   ` syzbot
2026-04-27 23:21 ` Hillf Danton
2026-04-27 23:57   ` syzbot
2026-04-28  1:04 ` Edward Adam Davis
2026-04-28  4:05   ` syzbot
2026-04-28  3:51 ` Hillf Danton
2026-04-28  4:37   ` syzbot
2026-04-28  4:12 ` [PATCH] hwmon: prevent packets from going to driver for probe Edward Adam Davis
2026-04-28  8:00 ` [syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in hidraw_report_event Hillf Danton
2026-04-28  8:51   ` syzbot [this message]
2026-04-28 11:33 ` Hillf Danton
2026-04-28 12:03   ` syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=69f074f5.050a0220.fa731.0000.GAE@google.com \
    --to=syzbot+9eebf5f6544c5e873858@syzkaller.appspotmail.com \
    --cc=hdanton@sina.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox