Re: [BUG] KASAN: slab-out-of-bounds in select_usb_power_delivery_show
From: Shuangpeng
Date: Sun Jun 14 2026 - 15:12:19 EST
> On Jun 14, 2026, at 13:32, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Sun, Jun 14, 2026 at 01:28:36PM -0400, Shuangpeng wrote:
>>
>>
>>> On Jun 14, 2026, at 12:37, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>>>
>>> On Sun, Jun 14, 2026 at 11:22:45AM -0400, Shuangpeng Bai wrote:
>>>> Hi Kernel Maintainers,
>>>>
>>>> I hit the following report while testing the current upstream kernel:
>>>>
>>>> KASAN: slab-out-of-bounds in select_usb_power_delivery_show
>>>>
>>>> on commit: e8c2f9fdadee7cbc75134dc463c1e0d856d6e5c7 (May 25 2026)
>>>
>>> What about the latest tree?
>>
>> I retested it on the latest Linus tree:
>>
>> 424280953322cf66314f3ba5e2d1ef345f21c770
>>
>> The same bug still reproduces there.
>>
>>>>
>>>> The reproducer and .config files are here.
>>>> https://gist.github.com/shuangpengbai/79c08ada299b3ae37b7a0af292ca413f
>>>>
>>>> I'm happy to test debug patches or provide additional information.
>>>>
>>>> Reported-by: Shuangpeng Bai <shuangpeng.kernel@xxxxxxxxx>
>>>>
>>>> [ 102.318332] BUG: KASAN: slab-out-of-bounds in select_usb_power_delivery_show (drivers/usb/typec/class.c:1642)
>>>> [ 102.319225] Read of size 8 at addr ffff888117d2f2c0 by task cat/8378
>>>> [ 102.319943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
>>>
>>> Does this happen on real hardware, or just on emulated hardware?
>>
>> I have only reproduced it in QEMU so far, not on real hardware.
>> The repro uses QEMU to emulate the hardware environment needed to load the
>> FUSB302/TCPM driver path. I have not tested whether the same issue happens on
>> physical hardware.
>>
>> Please let me know if any additional information would be helpful.
>
> If you could test on real hardware, that would be best. How do we know
> that qemu is actually correct? :)

Thanks for the clarification, that makes sense.
Unfortunately, I do not have real FUSB302/TCPM hardware available to test this
on, so I cannot confirm whether it happens on physical hardware.

> thanks,
>
> greg k-h