KASAN: slab-out-of-bounds Read in mcp2221_raw

Title	Replies (including bot)	Last reply
[syzbot] Monthly usb report (Jun 2025)	0 (1)	2025/06/23 07:31
[syzbot] Monthly input report (Jun 2025)	0 (1)	2025/06/13 12:25
[syzbot] Monthly input report (May 2025)	0 (1)	2025/05/12 13:34
[syzbot] Monthly input report (Apr 2025)	0 (1)	2025/04/09 07:11
[syzbot] Monthly input report (Mar 2025)	0 (1)	2025/03/08 22:15
[syzbot] [input?] [usb?] KASAN: slab-out-of-bounds Read in mcp2221_raw_event	0 (3)	2025/02/10 03:03
[syzbot] Monthly input report (Feb 2025)	0 (1)	2025/02/05 12:43

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-6.6	KASAN: use-after-free Read in mcp2221_raw_event				3	1d08h	12d	0/2	upstream: reported on 2025/06/21 10:55

linux-6.6

KASAN: use-after-free Read in mcp2221_raw_event

1d08h

12d

0/2

upstream: reported on 2025/06/21 10:55

================================================================== BUG: KASAN: null-ptr-deref in mcp2221_raw_event+0xc1f/0x1030 drivers/hid/hid-mcp2221.c:818 Write of size 141 at addr 0000000000000000 by task swapper/1/0 CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.14.0-rc1-syzkaller-g9682c35ff6ec #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 kasan_report+0xd9/0x110 mm/kasan/report.c:602 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 __asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106 mcp2221_raw_event+0xc1f/0x1030 drivers/hid/hid-mcp2221.c:818 __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2113 hid_irq_in+0x35e/0x870 drivers/hid/usbhid/hid-core.c:285 __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650 usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734 dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1994 __run_hrtimer kernel/time/hrtimer.c:1738 [inline] __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1802 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1819 handle_softirqs+0x206/0x8d0 kernel/softirq.c:561 __do_softirq kernel/softirq.c:595 [inline] invoke_softirq kernel/softirq.c:435 [inline] __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline] RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:92 [inline] RIP: 0010:acpi_safe_halt+0x1a/0x20 drivers/acpi/processor_idle.c:112 Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 78 dd ec 78 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 48 9d 39 00 fb f4 <fa> c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc9000014fd58 EFLAGS: 00000246 RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8716c579 RDX: 0000000000000001 RSI: ffff888106a98800 RDI: ffff888106a98864 RBP: ffff888106a98864 R08: 0000000000000001 R09: ffffed103eb26f35 R10: ffff8881f59379ab R11: 0000000000000000 R12: ffff8881013d8000 R13: ffffffff8934ea40 R14: 0000000000000001 R15: 0000000000000000 acpi_idle_enter+0xc5/0x160 drivers/acpi/processor_idle.c:699 cpuidle_enter_state+0xaa/0x4f0 drivers/cpuidle/cpuidle.c:268 cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:389 cpuidle_idle_call kernel/sched/idle.c:230 [inline] do_idle+0x310/0x3f0 kernel/sched/idle.c:325 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:423 start_secondary+0x222/0x2b0 arch/x86/kernel/smpboot.c:315 common_startup_64+0x12c/0x138 </TASK> ================================================================== ---------------- Code disassembly (best guess): 0: 90 nop 1: 90 nop 2: 90 nop 3: 90 nop 4: 90 nop 5: 90 nop 6: 90 nop 7: 90 nop 8: 90 nop 9: 90 nop a: 90 nop b: 90 nop c: 90 nop d: 90 nop e: 90 nop f: 90 nop 10: 65 48 8b 05 78 dd ec mov %gs:0x78ecdd78(%rip),%rax # 0x78ecdd90 17: 78 18: 48 8b 00 mov (%rax),%rax 1b: a8 08 test $0x8,%al 1d: 75 0c jne 0x2b 1f: 66 90 xchg %ax,%ax 21: 0f 00 2d 48 9d 39 00 verw 0x399d48(%rip) # 0x399d70 28: fb sti 29: f4 hlt * 2a: fa cli <-- trapping instruction 2b: c3 ret 2c: cc int3 2d: cc int3 2e: cc int3 2f: cc int3 30: 90 nop 31: 90 nop 32: 90 nop 33: 90 nop 34: 90 nop 35: 90 nop 36: 90 nop 37: 90 nop 38: 90 nop 39: 90 nop 3a: 90 nop 3b: 90 nop 3c: 90 nop 3d: 90 nop 3e: 90 nop 3f: 90 nop

Crashes (671):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/02/10 03:02	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	9682c35ff6ec	ef44b750	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2024/12/25 20:55	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d7123c77dc60	444551c4	.config	console log	report	syz / log			[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/03 09:28	upstream	b4911fb0b060	115ceea7	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/30 09:45	upstream	d0b3b7b22dfa	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/29 18:55	upstream	afa9a6f4f574	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/29 13:44	upstream	dfba48a70cb6	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/29 02:12	upstream	dfba48a70cb6	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/29 00:39	upstream	dfba48a70cb6	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/28 12:19	upstream	35e261cd95dd	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/28 01:49	upstream	35e261cd95dd	803ce19b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/27 14:08	upstream	67a993863163	803ce19b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/27 07:02	upstream	e34a79b96ab9	803ce19b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/27 02:35	upstream	e34a79b96ab9	803ce19b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/26 23:44	upstream	e34a79b96ab9	803ce19b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/26 21:11	upstream	e34a79b96ab9	803ce19b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/25 09:09	upstream	7595b66ae9de	26d77996	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/24 16:49	upstream	78f4e737a53e	26d77996	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/24 13:55	upstream	78f4e737a53e	e2f27c35	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/24 08:44	upstream	78f4e737a53e	1a7fb460	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/20 22:42	upstream	41687a5c6f8b	e3003213	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-badwrites-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/28 15:07	upstream	35e261cd95dd	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/03 13:25	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	cf16f408364e	115ceea7	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/02 05:07	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	cf16f408364e	bc80e4f0	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/01 10:29	linux-next	1343433ed389	6e83b42d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-rust-kasan-gce	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/29 21:31	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	e35a5d814525	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/29 20:19	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	e35a5d814525	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/29 17:30	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	e35a5d814525	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/29 08:58	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	e35a5d814525	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/28 08:43	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	eb90d36bfa06	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/28 04:23	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	eb90d36bfa06	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/26 00:21	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	eb90d36bfa06	26d77996	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/25 16:56	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	eb90d36bfa06	26d77996	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/25 15:53	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	eb90d36bfa06	26d77996	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/25 02:39	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	eb90d36bfa06	26d77996	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/24 19:34	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	eb90d36bfa06	26d77996	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/24 06:26	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	9962d0433a86	e2f27c35	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2024/12/06 20:04	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d8d936c51388	9ac0fdc6	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2024/12/04 00:15	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	cdd30ebb1b9f	b50eb251	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2024/12/01 05:35	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	237d4e0f4113	68914665	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/02 20:06	upstream	b4911fb0b060	0cd59a8f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	KASAN: use-after-free Read in mcp2221_raw_event
2025/07/02 02:10	upstream	66701750d556	ffe4b334	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: use-after-free Read in mcp2221_raw_event
2025/06/28 20:04	upstream	35e261cd95dd	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: use-after-free Read in mcp2221_raw_event
2025/06/28 13:45	upstream	35e261cd95dd	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	KASAN: use-after-free Read in mcp2221_raw_event
2025/06/28 06:42	upstream	35e261cd95dd	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	KASAN: use-after-free Read in mcp2221_raw_event
2025/07/03 14:40	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	cf16f408364e	115ceea7	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/07/02 18:33	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	cf16f408364e	bc80e4f0	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/07/01 12:11	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	7481a97c5f49	6e83b42d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/07/01 04:03	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	7481a97c5f49	6e83b42d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/06/30 19:38	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	7481a97c5f49	6e83b42d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/06/27 21:13	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	eb90d36bfa06	803ce19b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/06/27 04:53	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	eb90d36bfa06	803ce19b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/06/26 16:11	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	eb90d36bfa06	803ce19b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/06/26 05:23	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	eb90d36bfa06	26d77996	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: use-after-free Read in mcp2221_raw_event
2025/06/25 04:41	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	eb90d36bfa06	26d77996	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/06/24 20:36	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	eb90d36bfa06	26d77996	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/06/23 13:29	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	9962d0433a86	d6cdfb8a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event

Crashes (671):

Assets (help?)

2025/02/10 03:02

https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing