KASAN: slab-out-of-bounds Read in mcp2221_raw

Title	Replies (including bot)	Last reply
[syzbot] Monthly input report (Jul 2025)	0 (1)	2025/07/14 07:23
[syzbot] Monthly usb report (Jun 2025)	0 (1)	2025/06/23 07:31
[syzbot] Monthly input report (Jun 2025)	0 (1)	2025/06/13 12:25
[syzbot] Monthly input report (May 2025)	0 (1)	2025/05/12 13:34
[syzbot] Monthly input report (Apr 2025)	0 (1)	2025/04/09 07:11
[syzbot] Monthly input report (Mar 2025)	0 (1)	2025/03/08 22:15
[syzbot] [input?] [usb?] KASAN: slab-out-of-bounds Read in mcp2221_raw_event	0 (3)	2025/02/10 03:03
[syzbot] Monthly input report (Feb 2025)	0 (1)	2025/02/05 12:43

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-6.6	KASAN: use-after-free Read in mcp2221_raw_event	19				6	5h05m	25d	0/2	upstream: reported on 2025/06/21 10:55

Kernel

Title

Rank 🛈

linux-6.6

KASAN: use-after-free Read in mcp2221_raw_event

5h05m

25d

0/2

upstream: reported on 2025/06/21 10:55

================================================================== BUG: KASAN: null-ptr-deref in mcp2221_raw_event+0xc1f/0x1030 drivers/hid/hid-mcp2221.c:818 Write of size 141 at addr 0000000000000000 by task swapper/1/0 CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.14.0-rc1-syzkaller-g9682c35ff6ec #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 kasan_report+0xd9/0x110 mm/kasan/report.c:602 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 __asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106 mcp2221_raw_event+0xc1f/0x1030 drivers/hid/hid-mcp2221.c:818 __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2113 hid_irq_in+0x35e/0x870 drivers/hid/usbhid/hid-core.c:285 __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650 usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734 dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1994 __run_hrtimer kernel/time/hrtimer.c:1738 [inline] __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1802 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1819 handle_softirqs+0x206/0x8d0 kernel/softirq.c:561 __do_softirq kernel/softirq.c:595 [inline] invoke_softirq kernel/softirq.c:435 [inline] __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline] RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:92 [inline] RIP: 0010:acpi_safe_halt+0x1a/0x20 drivers/acpi/processor_idle.c:112 Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 78 dd ec 78 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 48 9d 39 00 fb f4 <fa> c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc9000014fd58 EFLAGS: 00000246 RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8716c579 RDX: 0000000000000001 RSI: ffff888106a98800 RDI: ffff888106a98864 RBP: ffff888106a98864 R08: 0000000000000001 R09: ffffed103eb26f35 R10: ffff8881f59379ab R11: 0000000000000000 R12: ffff8881013d8000 R13: ffffffff8934ea40 R14: 0000000000000001 R15: 0000000000000000 acpi_idle_enter+0xc5/0x160 drivers/acpi/processor_idle.c:699 cpuidle_enter_state+0xaa/0x4f0 drivers/cpuidle/cpuidle.c:268 cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:389 cpuidle_idle_call kernel/sched/idle.c:230 [inline] do_idle+0x310/0x3f0 kernel/sched/idle.c:325 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:423 start_secondary+0x222/0x2b0 arch/x86/kernel/smpboot.c:315 common_startup_64+0x12c/0x138 </TASK> ================================================================== ---------------- Code disassembly (best guess): 0: 90 nop 1: 90 nop 2: 90 nop 3: 90 nop 4: 90 nop 5: 90 nop 6: 90 nop 7: 90 nop 8: 90 nop 9: 90 nop a: 90 nop b: 90 nop c: 90 nop d: 90 nop e: 90 nop f: 90 nop 10: 65 48 8b 05 78 dd ec mov %gs:0x78ecdd78(%rip),%rax # 0x78ecdd90 17: 78 18: 48 8b 00 mov (%rax),%rax 1b: a8 08 test $0x8,%al 1d: 75 0c jne 0x2b 1f: 66 90 xchg %ax,%ax 21: 0f 00 2d 48 9d 39 00 verw 0x399d48(%rip) # 0x399d70 28: fb sti 29: f4 hlt * 2a: fa cli <-- trapping instruction 2b: c3 ret 2c: cc int3 2d: cc int3 2e: cc int3 2f: cc int3 30: 90 nop 31: 90 nop 32: 90 nop 33: 90 nop 34: 90 nop 35: 90 nop 36: 90 nop 37: 90 nop 38: 90 nop 39: 90 nop 3a: 90 nop 3b: 90 nop 3c: 90 nop 3d: 90 nop 3e: 90 nop 3f: 90 nop

Crashes (780):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/02/10 03:02	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	9682c35ff6ec	ef44b750	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2024/12/25 20:55	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d7123c77dc60	444551c4	.config	console log	report	syz / log			[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/16 14:54	upstream	155a3c003e55	c118d736	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/16 12:45	upstream	155a3c003e55	c118d736	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/16 01:49	upstream	155a3c003e55	03fcfc4b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/15 23:33	upstream	155a3c003e55	03fcfc4b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/15 22:00	upstream	155a3c003e55	03fcfc4b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/13 20:27	upstream	3f31a806a62e	3cda49cf	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/13 17:30	upstream	3f31a806a62e	3cda49cf	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/11 17:20	upstream	bc9ff192a6c9	3cda49cf	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/10 15:32	upstream	8c2e52ebbe88	19d4829f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/07 18:05	upstream	d7b8f8e20813	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/07 16:02	upstream	d7b8f8e20813	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/06 13:56	upstream	1f988d0788f5	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/06 08:45	upstream	05df91921da6	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/04 07:14	upstream	17bbde2e1716	76ad128c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/03 20:37	upstream	17bbde2e1716	115ceea7	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/29 13:44	upstream	dfba48a70cb6	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/28 01:49	upstream	35e261cd95dd	803ce19b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/06/20 22:42	upstream	41687a5c6f8b	e3003213	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-badwrites-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/13 15:47	upstream	3f31a806a62e	3cda49cf	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/08 16:51	upstream	d7b8f8e20813	abade794	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/04 18:40	upstream	4c06e63b9203	d869b261	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/14 16:50	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b4b4dbfa96de	d8fc7335	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/14 04:53	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b4b4dbfa96de	3cda49cf	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/12 12:52	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b4b4dbfa96de	3cda49cf	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/12 07:15	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b4b4dbfa96de	3cda49cf	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/11 23:48	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b4b4dbfa96de	3cda49cf	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/10 18:56	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b4b4dbfa96de	3cda49cf	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/10 00:31	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b4b4dbfa96de	f4e5e155	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/09 07:47	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d1b07cc0868f	4d9fdfa4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/08 20:16	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d1b07cc0868f	4d9fdfa4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/08 07:17	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d1b07cc0868f	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/08 02:59	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d1b07cc0868f	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/07 06:35	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	81c3b7256f9e	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/06 23:24	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	81c3b7256f9e	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/06 21:32	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	81c3b7256f9e	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/05 18:39	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	81c3b7256f9e	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/04 01:48	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	cf16f408364e	76ad128c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/01 10:29	linux-next	1343433ed389	6e83b42d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-rust-kasan-gce	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2024/12/06 20:04	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d8d936c51388	9ac0fdc6	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2024/12/04 00:15	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	cdd30ebb1b9f	b50eb251	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2024/12/01 05:35	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	237d4e0f4113	68914665	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/07/16 12:42	upstream	155a3c003e55	c118d736	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: use-after-free Read in mcp2221_raw_event
2025/07/16 11:35	upstream	155a3c003e55	c118d736	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: use-after-free Read in mcp2221_raw_event
2025/07/16 11:26	upstream	155a3c003e55	c118d736	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: use-after-free Read in mcp2221_raw_event
2025/07/16 10:22	upstream	155a3c003e55	c118d736	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: use-after-free Read in mcp2221_raw_event
2025/07/08 00:08	upstream	d7b8f8e20813	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: use-after-free Read in mcp2221_raw_event
2025/07/13 03:43	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b4b4dbfa96de	3cda49cf	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: use-after-free Read in mcp2221_raw_event
2025/07/12 11:24	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b4b4dbfa96de	3cda49cf	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/07/11 20:21	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b4b4dbfa96de	3cda49cf	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/07/11 08:44	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b4b4dbfa96de	3cda49cf	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/07/08 13:36	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d1b07cc0868f	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/07/07 20:08	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d1b07cc0868f	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/07/06 20:05	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	81c3b7256f9e	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/07/05 10:42	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	81c3b7256f9e	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/07/05 05:32	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	cf16f408364e	d869b261	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event

Crashes (780):

Assets (help?)

2025/02/10 03:02

https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing