KASAN: use-after-free Read in hidinput_hid

Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported
KASAN: global-out-of-bounds Write in kbd_event serial input usb	C			6	1956d	1978d

1956d

1978d

Title	Replies (including bot)	Last reply
KASAN: use-after-free Read in hidinput_hid_event	1 (2)	2020/06/18 12:10

================================================================== BUG: KASAN: use-after-free in test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline] BUG: KASAN: use-after-free in hidinput_hid_event+0x1111/0x15d3 drivers/hid/hid-input.c:1381 Read of size 8 at addr ffff8881cffdc000 by task swapper/0/0 CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.5.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xef/0x16e lib/dump_stack.c:118 print_address_description.constprop.0+0x16/0x200 mm/kasan/report.c:374 __kasan_report.cold+0x37/0x7f mm/kasan/report.c:506 kasan_report+0xe/0x20 mm/kasan/common.c:639 check_memory_region_inline mm/kasan/generic.c:185 [inline] check_memory_region+0x152/0x1c0 mm/kasan/generic.c:192 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline] hidinput_hid_event+0x1111/0x15d3 drivers/hid/hid-input.c:1381 hid_process_event+0x4a0/0x580 drivers/hid/hid-core.c:1506 hid_input_field drivers/hid/hid-core.c:1550 [inline] hid_report_raw_event+0xabb/0xed0 drivers/hid/hid-core.c:1757 hid_input_report+0x315/0x3f0 drivers/hid/hid-core.c:1824 hid_i

Crashes (2):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2020/01/01 19:51	https://github.com/google/kasan.git usb-fuzzer	ecdf2214f472	25a0186e	.config	console log	report	syz	C			ci2-upstream-usb
2019/12/18 14:50	https://github.com/google/kasan.git usb-fuzzer	d533c9925862	64ca0a37	.config	console log	report	syz	C			ci2-upstream-usb

Crashes (2):