syzbot

 sign-in | mailing list | source | docs
🐞 Open [987] Subsystems 🐞 Fixed [5236] 🐞 Invalid [12505] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KASAN: use-after-free Read in hidinput_hid_event

Status: closed as dup on 2020/06/18 12:11
Subsystems: input
[Documentation on labels]
Reported-by: syzbot+c961cb836a707f66e2f8@syzkaller.appspotmail.com
First crash: 1589d, last: 1575d
Duplicate of
Title Repro Cause bisect Fix bisect Count Last Reported
KASAN: global-out-of-bounds Write in kbd_event serial input usb C 6 1609d 1631d
Discussions (1)
Title Replies (including bot) Last reply
KASAN: use-after-free Read in hidinput_hid_event 1 (2) 2020/06/18 12:10

Sample crash report:
==================================================================
BUG: KASAN: use-after-free in test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
BUG: KASAN: use-after-free in hidinput_hid_event+0x1111/0x15d3 drivers/hid/hid-input.c:1381
Read of size 8 at addr ffff8881cffdc000 by task swapper/0/0

CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.5.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xef/0x16e lib/dump_stack.c:118
 print_address_description.constprop.0+0x16/0x200 mm/kasan/report.c:374
 __kasan_report.cold+0x37/0x7f mm/kasan/report.c:506
 kasan_report+0xe/0x20 mm/kasan/common.c:639
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x152/0x1c0 mm/kasan/generic.c:192
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
 hidinput_hid_event+0x1111/0x15d3 drivers/hid/hid-input.c:1381
 hid_process_event+0x4a0/0x580 drivers/hid/hid-core.c:1506
 hid_input_field drivers/hid/hid-core.c:1550 [inline]
 hid_report_raw_event+0xabb/0xed0 drivers/hid/hid-core.c:1757
 hid_input_report+0x315/0x3f0 drivers/hid/hid-core.c:1824
 hid_i

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/01/01 19:51 https://github.com/google/kasan.git usb-fuzzer ecdf2214f472 25a0186e .config console log report syz C ci2-upstream-usb
2019/12/18 14:50 https://github.com/google/kasan.git usb-fuzzer d533c9925862 64ca0a37 .config console log report syz C ci2-upstream-usb
* Struck through repros no longer work on HEAD.