syzbot


UBSAN: shift-out-of-bounds in hid_report_raw_event

Status: closed as dup on 2021/02/16 22:41
Subsystems: input usb
Reported-by: syzbot+ee5ce0deec4ff5aa64e1@syzkaller.appspotmail.com
First crash: 1408d, last: 1408d
Duplicate of
Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported
UBSAN: shift-out-of-bounds in snto32 (input usb) | C | error | | 58 | 1396d | 1468d
Discussions (1)
Title | Replies (including bot) | Last reply
UBSAN: shift-out-of-bounds in hid_report_raw_event | 1 (2) | 2021/02/16 22:40
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | UBSAN: shift-out-of-bounds in hid_report_raw_event (2) (input usb) | C | error | | 1 | 770d | 766d | 22/28 | fixed on 2023/02/24 13:50
Cause bisection attempts (1)
Created | Duration | User | Patch | Repo | Result
2021/02/12 00:28 | 0m | bisect | | upstream | error job log

Sample crash report:
================================================================================
UBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:1315:20
shift exponent 4294967295 is too large for 32-bit type 'int'
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x137/0x1be lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:148 [inline]
 __ubsan_handle_shift_out_of_bounds+0x432/0x4d0 lib/ubsan.c:395
 snto32 drivers/hid/hid-core.c:1315 [inline]
 hid_input_field drivers/hid/hid-core.c:1548 [inline]
 hid_report_raw_event+0xa9d/0x1480 drivers/hid/hid-core.c:1783
 hid_input_report+0x3f6/0x4d0 drivers/hid/hid-core.c:1850
 hid_irq_in+0x48d/0x690 drivers/hid/usbhid/hid-core.c:284
 __usb_hcd_giveback_urb+0x375/0x520 drivers/usb/core/hcd.c:1656
 dummy_timer+0xa22/0x2e70 drivers/usb/gadget/udc/dummy_hcd.c:1971
 call_timer_fn+0x91/0x160 kernel/time/timer.c:1417
 expire_timers kernel/time/timer.c:1462 [inline]
 __run_timers+0x6c0/0x8a0 kernel/time/timer.c:1731
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1744
 __do_softirq+0x318/0x714 kernel/softirq.c:343
 asm_call_irq_on_stack

Crashes (4):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2021/02/12 00:28 | upstream | 291009f656e8 | a5f86b15 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-smack-root | UBSAN: shift-out-of-bounds in hid_report_raw_event
2021/02/11 23:43 | upstream | 291009f656e8 | a5f86b15 | .config | console log | report | | | info | | ci-upstream-kasan-gce-smack-root | UBSAN: shift-out-of-bounds in hid_report_raw_event
2021/02/11 23:11 | upstream | 291009f656e8 | a5f86b15 | .config | console log | report | | | info | | ci-upstream-kasan-gce-smack-root | UBSAN: shift-out-of-bounds in hid_report_raw_event
2021/02/11 23:10 | upstream | 291009f656e8 | a5f86b15 | .config | console log | report | | | info | | ci-upstream-kasan-gce-smack-root | UBSAN: shift-out-of-bounds in hid_report_raw_event
* Struck through repros no longer work on HEAD.