KASAN: slab-out-of-bounds Read in mcp2221_raw

Title	Replies (including bot)	Last reply
[syzbot] Monthly input report (Apr 2025)	0 (1)	2025/04/09 07:11
[syzbot] Monthly input report (Mar 2025)	0 (1)	2025/03/08 22:15
[syzbot] [input?] [usb?] KASAN: slab-out-of-bounds Read in mcp2221_raw_event	0 (3)	2025/02/10 03:03
[syzbot] Monthly input report (Feb 2025)	0 (1)	2025/02/05 12:43

================================================================== BUG: KASAN: null-ptr-deref in mcp2221_raw_event+0xc1f/0x1030 drivers/hid/hid-mcp2221.c:818 Write of size 141 at addr 0000000000000000 by task swapper/1/0 CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.14.0-rc1-syzkaller-g9682c35ff6ec #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 kasan_report+0xd9/0x110 mm/kasan/report.c:602 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 __asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106 mcp2221_raw_event+0xc1f/0x1030 drivers/hid/hid-mcp2221.c:818 __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2113 hid_irq_in+0x35e/0x870 drivers/hid/usbhid/hid-core.c:285 __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650 usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734 dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1994 __run_hrtimer kernel/time/hrtimer.c:1738 [inline] __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1802 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1819 handle_softirqs+0x206/0x8d0 kernel/softirq.c:561 __do_softirq kernel/softirq.c:595 [inline] invoke_softirq kernel/softirq.c:435 [inline] __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline] RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:92 [inline] RIP: 0010:acpi_safe_halt+0x1a/0x20 drivers/acpi/processor_idle.c:112 Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 78 dd ec 78 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 48 9d 39 00 fb f4 <fa> c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc9000014fd58 EFLAGS: 00000246 RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8716c579 RDX: 0000000000000001 RSI: ffff888106a98800 RDI: ffff888106a98864 RBP: ffff888106a98864 R08: 0000000000000001 R09: ffffed103eb26f35 R10: ffff8881f59379ab R11: 0000000000000000 R12: ffff8881013d8000 R13: ffffffff8934ea40 R14: 0000000000000001 R15: 0000000000000000 acpi_idle_enter+0xc5/0x160 drivers/acpi/processor_idle.c:699 cpuidle_enter_state+0xaa/0x4f0 drivers/cpuidle/cpuidle.c:268 cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:389 cpuidle_idle_call kernel/sched/idle.c:230 [inline] do_idle+0x310/0x3f0 kernel/sched/idle.c:325 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:423 start_secondary+0x222/0x2b0 arch/x86/kernel/smpboot.c:315 common_startup_64+0x12c/0x138 </TASK> ================================================================== ---------------- Code disassembly (best guess): 0: 90 nop 1: 90 nop 2: 90 nop 3: 90 nop 4: 90 nop 5: 90 nop 6: 90 nop 7: 90 nop 8: 90 nop 9: 90 nop a: 90 nop b: 90 nop c: 90 nop d: 90 nop e: 90 nop f: 90 nop 10: 65 48 8b 05 78 dd ec mov %gs:0x78ecdd78(%rip),%rax # 0x78ecdd90 17: 78 18: 48 8b 00 mov (%rax),%rax 1b: a8 08 test $0x8,%al 1d: 75 0c jne 0x2b 1f: 66 90 xchg %ax,%ax 21: 0f 00 2d 48 9d 39 00 verw 0x399d48(%rip) # 0x399d70 28: fb sti 29: f4 hlt * 2a: fa cli <-- trapping instruction 2b: c3 ret 2c: cc int3 2d: cc int3 2e: cc int3 2f: cc int3 30: 90 nop 31: 90 nop 32: 90 nop 33: 90 nop 34: 90 nop 35: 90 nop 36: 90 nop 37: 90 nop 38: 90 nop 39: 90 nop 3a: 90 nop 3b: 90 nop 3c: 90 nop 3d: 90 nop 3e: 90 nop 3f: 90 nop

Crashes (314):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/02/10 03:02	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	9682c35ff6ec	ef44b750	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2024/12/25 20:55	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d7123c77dc60	444551c4	.config	console log	report	syz / log			[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/20 18:12	upstream	6fea5fabd332	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/20 00:08	upstream	8560697b23dc	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/19 02:18	upstream	fc96b232f8e7	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/18 14:43	upstream	fc96b232f8e7	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/16 11:11	upstream	1a1d569a75f3	23b969b7	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/15 07:33	upstream	834a4a689699	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/14 10:06	upstream	8ffd015db85f	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/14 02:49	upstream	8ffd015db85f	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/14 00:36	upstream	8ffd015db85f	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-badwrites-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/14 00:30	upstream	8ffd015db85f	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-badwrites-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/13 20:57	upstream	7cdabafc0012	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/13 06:26	upstream	ecd5d67ad602	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-badwrites-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/12 23:06	upstream	ecd5d67ad602	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/12 17:53	upstream	3bde70a2c827	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/12 15:03	upstream	3bde70a2c827	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/11 18:09	upstream	900241a5cc15	12ba9c21	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/10 08:12	upstream	3b07108ada81	988b336c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/09 22:16	upstream	a24588245776	988b336c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/09 21:04	upstream	a24588245776	988b336c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/08 17:18	upstream	0af2f6be1b42	a775275d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/21 04:01	upstream	ac71fabf1567	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/19 00:01	upstream	fc96b232f8e7	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/16 21:15	upstream	c62f4b82d571	23b969b7	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/12 09:49	upstream	3bde70a2c827	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/11 21:40	upstream	900241a5cc15	12ba9c21	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/11 03:05	upstream	ab59a8605604	1bc60a19	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/11 01:14	upstream	ab59a8605604	1bc60a19	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/08 23:47	upstream	bec7dcbc242c	b133e63a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/22 09:10	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f41f7b3d9daf	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/21 17:39	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f41f7b3d9daf	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/20 09:58	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f41f7b3d9daf	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/20 02:33	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f41f7b3d9daf	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/18 10:50	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f41f7b3d9daf	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/15 06:24	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	169263214645	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/14 12:44	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	169263214645	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/09 19:59	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	0af2f6be1b42	47d015b1	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/08 22:32	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	0af2f6be1b42	a775275d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2024/12/06 20:04	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d8d936c51388	9ac0fdc6	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2024/12/04 00:15	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	cdd30ebb1b9f	b50eb251	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2024/12/01 05:35	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	237d4e0f4113	68914665	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: slab-out-of-bounds Read in mcp2221_raw_event
2025/04/18 08:48	upstream	b5c6891b2c5b	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: use-after-free Read in mcp2221_raw_event
2025/04/18 06:25	upstream	b5c6891b2c5b	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: use-after-free Read in mcp2221_raw_event
2025/04/12 01:05	upstream	900241a5cc15	12ba9c21	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-badwrites-root	KASAN: use-after-free Read in mcp2221_raw_event
2025/04/11 08:06	upstream	ab59a8605604	1bc60a19	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: use-after-free Read in mcp2221_raw_event
2025/04/10 02:06	upstream	a24588245776	988b336c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: use-after-free Read in mcp2221_raw_event
2025/04/16 12:15	upstream	1a1d569a75f3	23b969b7	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	KASAN: use-after-free Read in mcp2221_raw_event
2025/04/14 21:03	upstream	834a4a689699	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	KASAN: use-after-free Read in mcp2221_raw_event
2025/04/21 22:03	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f41f7b3d9daf	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/04/20 21:13	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f41f7b3d9daf	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: use-after-free Read in mcp2221_raw_event
2025/04/18 20:27	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f41f7b3d9daf	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/04/17 17:12	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f41f7b3d9daf	229db4cf	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: use-after-free Read in mcp2221_raw_event
2025/04/16 09:42	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f41f7b3d9daf	a95239b1	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/04/14 16:01	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	169263214645	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/04/12 05:16	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	169263214645	0bd6db41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event
2025/04/10 11:30	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	843308666da7	988b336c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	KASAN: null-ptr-deref Write in mcp2221_raw_event

Crashes (314):

Assets (help?)

2025/02/10 03:02

https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing