syzbot

 sign-in | mailing list | source | docs
🐞 Open [1592]
Subsystems
🐞 Fixed [6233]
🐞 Invalid [15779]
Missing Backports [183]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KASAN: slab-out-of-bounds Read in mcp2221_raw_event

Status: upstream: reported C repro on 2024/12/06 20:05
Subsystems: input usb
[Documentation on labels]
Reported-by: syzbot+52c1a7d3e5b361ccd346@syzkaller.appspotmail.com
First crash: 167d, last: 1h30m
Discussions (5)
Title Replies (including bot) Last reply
[syzbot] Monthly input report (May 2025) 0 (1) 2025/05/12 13:34
[syzbot] Monthly input report (Apr 2025) 0 (1) 2025/04/09 07:11
[syzbot] Monthly input report (Mar 2025) 0 (1) 2025/03/08 22:15
[syzbot] [input?] [usb?] KASAN: slab-out-of-bounds Read in mcp2221_raw_event 0 (3) 2025/02/10 03:03
[syzbot] Monthly input report (Feb 2025) 0 (1) 2025/02/05 12:43

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in mcp2221_raw_event+0xc1f/0x1030 drivers/hid/hid-mcp2221.c:818
Write of size 141 at addr 0000000000000000 by task swapper/1/0

CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.14.0-rc1-syzkaller-g9682c35ff6ec #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 kasan_report+0xd9/0x110 mm/kasan/report.c:602
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
 __asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106
 mcp2221_raw_event+0xc1f/0x1030 drivers/hid/hid-mcp2221.c:818
 __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2113
 hid_irq_in+0x35e/0x870 drivers/hid/usbhid/hid-core.c:285
 __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650
 usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734
 dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1994
 __run_hrtimer kernel/time/hrtimer.c:1738 [inline]
 __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1802
 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1819
 handle_softirqs+0x206/0x8d0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:92 [inline]
RIP: 0010:acpi_safe_halt+0x1a/0x20 drivers/acpi/processor_idle.c:112
Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 78 dd ec 78 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 48 9d 39 00 fb f4 <fa> c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc9000014fd58 EFLAGS: 00000246
RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8716c579
RDX: 0000000000000001 RSI: ffff888106a98800 RDI: ffff888106a98864
RBP: ffff888106a98864 R08: 0000000000000001 R09: ffffed103eb26f35
R10: ffff8881f59379ab R11: 0000000000000000 R12: ffff8881013d8000
R13: ffffffff8934ea40 R14: 0000000000000001 R15: 0000000000000000
 acpi_idle_enter+0xc5/0x160 drivers/acpi/processor_idle.c:699
 cpuidle_enter_state+0xaa/0x4f0 drivers/cpuidle/cpuidle.c:268
 cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:389
 cpuidle_idle_call kernel/sched/idle.c:230 [inline]
 do_idle+0x310/0x3f0 kernel/sched/idle.c:325
 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:423
 start_secondary+0x222/0x2b0 arch/x86/kernel/smpboot.c:315
 common_startup_64+0x12c/0x138
 </TASK>
==================================================================
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	90                   	nop
   2:	90                   	nop
   3:	90                   	nop
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	90                   	nop
   9:	90                   	nop
   a:	90                   	nop
   b:	90                   	nop
   c:	90                   	nop
   d:	90                   	nop
   e:	90                   	nop
   f:	90                   	nop
  10:	65 48 8b 05 78 dd ec 	mov    %gs:0x78ecdd78(%rip),%rax        # 0x78ecdd90
  17:	78
  18:	48 8b 00             	mov    (%rax),%rax
  1b:	a8 08                	test   $0x8,%al
  1d:	75 0c                	jne    0x2b
  1f:	66 90                	xchg   %ax,%ax
  21:	0f 00 2d 48 9d 39 00 	verw   0x399d48(%rip)        # 0x399d70
  28:	fb                   	sti
  29:	f4                   	hlt
* 2a:	fa                   	cli <-- trapping instruction
  2b:	c3                   	ret
  2c:	cc                   	int3
  2d:	cc                   	int3
  2e:	cc                   	int3
  2f:	cc                   	int3
  30:	90                   	nop
  31:	90                   	nop
  32:	90                   	nop
  33:	90                   	nop
  34:	90                   	nop
  35:	90                   	nop
  36:	90                   	nop
  37:	90                   	nop
  38:	90                   	nop
  39:	90                   	nop
  3a:	90                   	nop
  3b:	90                   	nop
  3c:	90                   	nop
  3d:	90                   	nop
  3e:	90                   	nop
  3f:	90                   	nop

Crashes (419):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/02/10 03:02 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9682c35ff6ec ef44b750 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2024/12/25 20:55 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing d7123c77dc60 444551c4 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/17 05:16 upstream 3c21441eeffc f41472b0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/15 14:01 upstream 088d13246a46 d6b2ee52 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/14 00:03 upstream e9565e23cd89 7344edeb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/12 21:40 upstream 627277ba7c23 f6671af7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/12 15:51 upstream 82f2b0b97b36 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/11 20:09 upstream 3ce9925823c7 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/11 13:32 upstream 3ce9925823c7 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/11 01:44 upstream bec6f00f120e 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/11 00:42 upstream 345030986df8 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/10 19:46 upstream 0e1329d4045c 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/10 15:58 upstream 0e1329d4045c 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/16 07:52 upstream fee3e843b309 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/14 02:51 upstream e9565e23cd89 7344edeb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/13 14:41 upstream e9565e23cd89 f6671af7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/13 10:18 upstream e9565e23cd89 f6671af7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/12 22:19 upstream 627277ba7c23 f6671af7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/05 06:05 upstream 92a09c47464d b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/16 16:54 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ab6dc9a6c721 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/14 07:14 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ab6dc9a6c721 7344edeb .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/13 01:10 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 f6671af7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/12 05:29 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/10 02:07 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/10 00:31 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/09 17:21 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/08 00:49 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/06 15:26 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 ae98e6b9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/06 11:55 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 ae98e6b9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/06 10:20 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 ae98e6b9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/05 17:57 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 6ca47dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/05 04:50 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/05 01:54 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/02 23:59 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/05/01 09:50 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 615dca38c2ea ce7952f4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/30 18:49 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 615dca38c2ea 85a5a23f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/30 10:44 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 615dca38c2ea 85a5a23f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2024/12/06 20:04 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing d8d936c51388 9ac0fdc6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2024/12/04 00:15 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cdd30ebb1b9f b50eb251 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2024/12/01 05:35 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 237d4e0f4113 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/30 00:33 upstream 8bac8898fe39 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 KASAN: use-after-free Read in mcp2221_raw_event
2025/05/16 15:50 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ab6dc9a6c721 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/05/16 03:13 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ab6dc9a6c721 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/05/15 06:06 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ab6dc9a6c721 d6b2ee52 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/05/12 19:50 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 f6671af7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/05/12 03:48 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: use-after-free Read in mcp2221_raw_event
2025/05/11 15:36 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/05/11 10:32 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/05/11 06:07 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/05/08 16:55 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/05/08 05:34 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/05/06 20:10 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 350f4ffc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: use-after-free Read in mcp2221_raw_event
2025/05/06 09:15 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 ae98e6b9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/05/04 20:54 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/05/04 12:39 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/05/03 07:59 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/05/03 03:43 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/05/02 03:51 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 588d032e9e56 51b137cd .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/04/30 17:30 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 615dca38c2ea 85a5a23f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: null-ptr-deref Write in mcp2221_raw_event
* Struck through repros no longer work on HEAD.