Re: [syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in corsair_void_status_work_handler

From: Hillf Danton
Date: Mon Feb 03 2025 - 19:46:40 EST

Next message: Thinh Nguyen: "Re: [PATCH v1 2/2] usb: dwc3: core: Obtain imod_interval from device tree"
Previous message: Frederic Weisbecker: "Re: [PATCH v1 1/1] kthread: Return the assigned value rather than 0"
In reply to: syzbot: "Re: [syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in corsair_void_status_work_handler"
Next in thread: syzbot: "Re: [syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in corsair_void_status_work_handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 03 Feb 2025 12:21:23 -0800
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 2014c95afece Linux 6.14-rc1
> git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17e26eb0580000

#syz test

--- x/drivers/hid/hid-corsair-void.c
+++ y/drivers/hid/hid-corsair-void.c
@@ -726,6 +726,7 @@ static void corsair_void_remove(struct h
if (drvdata->battery)
power_supply_unregister(drvdata->battery);

+ cancel_delayed_work_sync(&drvdata->delayed_status_work);
cancel_delayed_work_sync(&drvdata->delayed_firmware_work);
sysfs_remove_group(&hid_dev->dev.kobj, &corsair_void_attr_group);
}
--

Next message: Thinh Nguyen: "Re: [PATCH v1 2/2] usb: dwc3: core: Obtain imod_interval from device tree"
Previous message: Frederic Weisbecker: "Re: [PATCH v1 1/1] kthread: Return the assigned value rather than 0"
In reply to: syzbot: "Re: [syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in corsair_void_status_work_handler"
Next in thread: syzbot: "Re: [syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in corsair_void_status_work_handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]