syzbot


UBSAN: shift-out-of-bounds in s32ton

Status: premoderation: reported C repro on 2025/07/14 11:42
Bug presence: origin:upstream
Reported-by: syzbot+8edfb0ff3f6146c71bc6@syzkaller.appspotmail.com
First crash: 154d, last: 37d
Bug presence (2)
| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2025/07/15 | lts (merge base) | e0e2f7824338 | C | [report] UBSAN: shift-out-of-bounds in s32ton |
| 2025/07/15 | upstream (ToT) | 155a3c003e55 | C | [report] UBSAN: shift-out-of-bounds in s32ton |
Similar bugs (4)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | UBSAN: shift-out-of-bounds in s32ton input usb | -1 | | | | 18 | 294d | 399d | 0/29 | auto-obsoleted due to no activity on 2025/05/23 12:14 |
| upstream | UBSAN: shift-out-of-bounds in s32ton (2) input usb | -1 | C | | | 4 | 147d | 154d | 29/29 | fixed on 2025/09/04 16:57 |
| android-5-15 | UBSAN: shift-out-of-bounds in s32ton origin:lts | -1 | C | | | 5 | 6d23h | 7d01h | 0/2 | upstream: reported C repro on 2025/12/08 23:28 |
| android-6-1 | UBSAN: shift-out-of-bounds in s32ton origin:lts | -1 | C | | | 3 | 23d | 37d | 0/2 | upstream: reported C repro on 2025/11/08 09:31 |
Last patch testing requests (4)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2025/11/22 15:43 | 6m | retest repro | | android16-6.12 | error |
| 2025/11/22 15:43 | 3m | retest repro | | android16-6.12 | error |
| 2025/10/08 06:28 | 9m | retest repro | | android16-6.12 | report log |
| 2025/07/28 21:22 | 8m | retest repro | | android16-6.12 | report log |

Sample crash report:
microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
microsoft 0003:045E:07DA.0001: unsupported Resolution Multiplier 0
------------[ cut here ]------------
UBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:1354:16
shift exponent 4294967295 is too large for 32-bit type '__s32' (aka 'int')
CPU: 1 UID: 0 PID: 354 Comm: kworker/1:2 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 __dump_stack+0x21/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0x10c/0x190 lib/dump_stack.c:120
 dump_stack+0x19/0x20 lib/dump_stack.c:129
 ubsan_epilogue+0xe/0x40 lib/ubsan.c:231
 __ubsan_handle_shift_out_of_bounds+0x386/0x420 lib/ubsan.c:468
 s32ton+0xed/0x150 drivers/hid/hid-core.c:1354
 hid_output_field drivers/hid/hid-core.c:1832 [inline]
 hid_output_report+0x427/0x790 drivers/hid/hid-core.c:1864
 __hid_request+0x15c/0x4c0 drivers/hid/hid-core.c:1987
 hidinput_change_resolution_multipliers drivers/hid/hid-input.c:1947 [inline]
 hidinput_connect+0x241b/0x3340 drivers/hid/hid-input.c:2324
 hid_connect+0x49a/0x1a20 drivers/hid/hid-core.c:2245
 hid_hw_start+0xcb/0x160 drivers/hid/hid-core.c:2360
 ms_probe+0x194/0x460 drivers/hid/hid-microsoft.c:391
 __hid_device_probe drivers/hid/hid-core.c:2711 [inline]
 hid_device_probe+0x2c1/0x5d0 drivers/hid/hid-core.c:2748
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x2d6/0x890 drivers/base/dd.c:657
 __driver_probe_device+0x198/0x280 drivers/base/dd.c:799
 driver_probe_device+0x54/0x3f0 drivers/base/dd.c:829
 __device_attach_driver+0x2f1/0x4b0 drivers/base/dd.c:957
 bus_for_each_drv+0x260/0x2f0 drivers/base/bus.c:459
 __device_attach+0x2bd/0x3a0 drivers/base/dd.c:1029
 device_initial_probe+0x1e/0x30 drivers/base/dd.c:1078
 bus_probe_device+0x18b/0x270 drivers/base/bus.c:534
 device_add+0x80c/0xc00 drivers/base/core.c:3692
 hid_add_device+0x39b/0x560 drivers/hid/hid-core.c:2894
 usbhid_probe+0xde3/0x12b0 drivers/hid/usbhid/hid-core.c:1435
 usb_probe_interface+0x696/0xc00 drivers/usb/core/driver.c:403
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x2d6/0x890 drivers/base/dd.c:657
 __driver_probe_device+0x198/0x280 drivers/base/dd.c:799
 driver_probe_device+0x54/0x3f0 drivers/base/dd.c:829
 __device_attach_driver+0x2f1/0x4b0 drivers/base/dd.c:957
 bus_for_each_drv+0x260/0x2f0 drivers/base/bus.c:459
 __device_attach+0x2bd/0x3a0 drivers/base/dd.c:1029
 device_initial_probe+0x1e/0x30 drivers/base/dd.c:1078
 bus_probe_device+0x18b/0x270 drivers/base/bus.c:534
 device_add+0x80c/0xc00 drivers/base/core.c:3692
 usb_set_configuration+0x1ad4/0x20b0 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0x95/0x160 drivers/usb/core/generic.c:254
 usb_probe_device+0x1d4/0x380 drivers/usb/core/driver.c:298
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x2d6/0x890 drivers/base/dd.c:657
 __driver_probe_device+0x198/0x280 drivers/base/dd.c:799
 driver_probe_device+0x54/0x3f0 drivers/base/dd.c:829
 __device_attach_driver+0x2f1/0x4b0 drivers/base/dd.c:957
 bus_for_each_drv+0x260/0x2f0 drivers/base/bus.c:459
 __device_attach+0x2bd/0x3a0 drivers/base/dd.c:1029
 device_initial_probe+0x1e/0x30 drivers/base/dd.c:1078
 bus_probe_device+0x18b/0x270 drivers/base/bus.c:534
 device_add+0x80c/0xc00 drivers/base/core.c:3692
 usb_new_device+0x9ed/0x1590 drivers/usb/core/hub.c:2690
 hub_port_connect drivers/usb/core/hub.c:5561 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5701 [inline]
 port_event drivers/usb/core/hub.c:5865 [inline]
 hub_event+0x2c81/0x4270 drivers/usb/core/hub.c:5947
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x7d2/0x1020 kernel/workqueue.c:3319
 worker_thread+0xc58/0x1250 kernel/workqueue.c:3400
 kthread+0x2ca/0x370 kernel/kthread.c:389
 ret_from_fork+0x67/0xa0 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
---[ end trace ]---
microsoft 0003:045E:07DA.0001: No inputs registered, leaving
microsoft 0003:045E:07DA.0001: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
microsoft 0003:045E:07DA.0001: no inputs found
microsoft 0003:045E:07DA.0001: could not initialize ff, continuing anyway
usb 3-1: USB disconnect, device number 2

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/11/08 09:59 | android16-6.12 | 0d6730ee6542 | 4e1406b4 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci2-android-6-12-rust | UBSAN: shift-out-of-bounds in s32ton |
| 2025/11/06 23:19 | android16-6.12 | 0d6730ee6542 | 4e1406b4 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci2-android-6-12-rust | UBSAN: shift-out-of-bounds in s32ton |
| 2025/07/14 11:41 | android16-6.12 | 21ed84930c16 | d8fc7335 | .config | strace log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci2-android-6-12-rust | UBSAN: shift-out-of-bounds in s32ton |
* Struck through repros no longer work on HEAD.