syzbot


UBSAN: shift-out-of-bounds in s32ton

Status: premoderation: reported C repro on 2025/07/14 11:42
Bug presence: origin:upstream
Reported-by: syzbot+8edfb0ff3f6146c71bc6@syzkaller.appspotmail.com
First crash: 3d12h, last: 3d12h
Bug presence (2)
| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2025/07/15 | lts (merge base) | e0e2f7824338 | C | [report] UBSAN: shift-out-of-bounds in s32ton |
| 2025/07/15 | upstream (ToT) | 155a3c003e55 | C | [report] UBSAN: shift-out-of-bounds in s32ton |
Similar bugs (2)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | UBSAN: shift-out-of-bounds in s32ton input usb | -1 | | | | 18 | 143d | 248d | 0/29 | auto-obsoleted due to no activity on 2025/05/23 12:14 |
| upstream | UBSAN: shift-out-of-bounds in s32ton (2) input usb | -1 | C | | | 2 | 2d13h | 3d06h | 0/29 | upstream: reported C repro on 2025/07/14 17:10 |

Sample crash report:
usb 1-1: config 0 descriptor??
microsoft 0003:045E:07DA.0001: ignoring exceeding usage max
microsoft 0003:045E:07DA.0001: unsupported Resolution Multiplier 0
------------[ cut here ]------------
UBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:1354:16
shift exponent 4294967295 is too large for 32-bit type '__s32' (aka 'int')
CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.12.30-syzkaller-g21ed84930c16 #0 fa4558fba7fa11aa57b2c84caea5bf67b39b1b5f
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 __dump_stack+0x21/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0x10c/0x190 lib/dump_stack.c:120
 dump_stack+0x19/0x20 lib/dump_stack.c:129
 ubsan_epilogue+0xe/0x40 lib/ubsan.c:231
 __ubsan_handle_shift_out_of_bounds+0x386/0x420 lib/ubsan.c:468
 s32ton+0xed/0x150 drivers/hid/hid-core.c:1354
 hid_output_field drivers/hid/hid-core.c:1832 [inline]
 hid_output_report+0x427/0x790 drivers/hid/hid-core.c:1864
 __hid_request+0x11e/0x410 drivers/hid/hid-core.c:1977
 hidinput_change_resolution_multipliers drivers/hid/hid-input.c:1950 [inline]
 hidinput_connect+0x241b/0x3340 drivers/hid/hid-input.c:2327
 hid_connect+0x49a/0x1a20 drivers/hid/hid-core.c:2236
 hid_hw_start+0xcb/0x160 drivers/hid/hid-core.c:2351
 ms_probe+0x194/0x460 drivers/hid/hid-microsoft.c:391
 __hid_device_probe drivers/hid/hid-core.c:2702 [inline]
 hid_device_probe+0x2c1/0x5d0 drivers/hid/hid-core.c:2739
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x2d3/0x890 drivers/base/dd.c:657
 __driver_probe_device+0x198/0x280 drivers/base/dd.c:799
 driver_probe_devic

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/07/14 11:41 | android16-6.12 | 21ed84930c16 | d8fc7335 | .config | strace log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci2-android-6-12-rust | UBSAN: shift-out-of-bounds in s32ton |
* Struck through repros no longer work on HEAD.