Re: [BUG] KASAN: slab-out-of-bounds in select_usb_power_delivery_show

[Shuangpeng]

> On Jun 14, 2026, at 12:37, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> 
> On Sun, Jun 14, 2026 at 11:22:45AM -0400, Shuangpeng Bai wrote:
>> Hi Kernel Maintainers,
>> 
>> I hit the following report while testing current upstream kernel:
>> 
>> KASAN: slab-out-of-bounds in select_usb_power_delivery_show
>> 
>> on commit: e8c2f9fdadee7cbc75134dc463c1e0d856d6e5c7 (May 25 2026)
> 
> What about the latest tree?

I retested it on the latest Linus tree:

424280953322cf66314f3ba5e2d1ef345f21c770

The same bug still reproduces there.

>> 
>> The reproducer and .config files are here.
>> https://gist.github.com/shuangpengbai/79c08ada299b3ae37b7a0af292ca413f
>> 
>> I'm happy to test debug patches or provide additional information.
>> 
>> Reported-by: Shuangpeng Bai <shuangpeng.kernel@xxxxxxxxx>
>> 
>> [  102.318332] BUG: KASAN: slab-out-of-bounds in select_usb_power_delivery_show (drivers/usb/typec/class.c:1642)
>> [  102.319225] Read of size 8 at addr ffff888117d2f2c0 by task cat/8378
>> [  102.319943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> 
> Does this happen on real hardware, or just on emulated hardware?

I have only reproduced it in QEMU so far, not on real hardware.
The repro uses QEMU to emulate the hardware environment needed to load the
FUSB302/TCPM driver path. I have not tested whether the same issue happens on
physical hardware.

Please let me know if any additional information would be helpful.

> 
> thanks,
> 
> greg k-h